On Mon, Jan 11, 2016 at 01:20:38PM +0100, Michal Privoznik wrote:
> On 11.01.2016 13:11, Daniel P. Berrange wrote:
> > On Mon, Jan 11, 2016 at 12:52:36PM +0100, Michal Privoznik wrote:
> >> This API does not change domain state. It's merely like
> >> virDomainGetXMLDesc() - and we don't reject RO connections there.
> >> There's no reason to reject them here.
> >
> > This API can result in talking to the guest agent IIRC, which should
> > be denied for read-only.
>
> Ah, I see. We have the following check in the code:
>
> int
> virDomainGetVcpusFlags(virDomainPtr domain, unsigned int flags)
> {
> /* ... */
> if (flags & VIR_DOMAIN_VCPU_GUEST)
> virCheckReadOnlyGoto(conn->flags, error);
> }
>
> On the other hand, virDomainGetTime() talks to guest agent and is allowed on RO connection.
>
> So what about the following change instead?
>
> diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
> index e5af933..95b797a 100644
> --- a/src/libvirt-domain.c
> +++ b/src/libvirt-domain.c
> @@ -11545,7 +11545,8 @@ virDomainInterfaceAddresses(virDomainPtr dom,
> if (ifaces)
> *ifaces = NULL;
> virCheckDomainReturn(dom, -1);
> - virCheckNonNullArgGoto(ifaces, error);
> + if (source == VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT)
> + virCheckNonNullArgGoto(ifaces, error);
You want to be checking the readonly flag here, not ifaces...
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list