On 3/6/19 11:47 PM, Eric Blake wrote: > The remote code generator had to be taught about the new > virDomainCheckpointPtr type, at which point the remote driver > code for backups can be generated. > > Signed-off-by: Eric Blake <eblake@xxxxxxxxxx> > --- Question for Dan: > + /** > + * @generate: both > + * @acl: domain:checkpoint > + */ > + REMOTE_PROC_DOMAIN_CHECKPOINT_CREATE_XML = 404, Patch 8/20 created a new domain:checkpoint access category, which works well here... > + > + /** > + * @generate: both > + * @acl: domain:checkpoint > + * @acl: domain:block_read This one should be block_write, not block_read, because it is copying out guest data (which could be a security consideration); basically, the same as virDomainBlockCopy. > + */ > + REMOTE_PROC_DOMAIN_BACKUP_BEGIN = 415, ...my question is whether it is possible to make the domain:checkpoint permission be conditional on whether the checkpointXml argument was supplied. It's unlikely that someone with domain:block_write to copy disks won't also have domain:checkpoint, but if they aren't creating a checkpoint, it would be nicer to not require that access right. Is the only way to do that by having libvirt declare a flag which gets set any time checkpointXml is non-NULL, so that we can then do domain:checkpoint:FLAG_NAME? (This would be an unusual case where libvirt would set the flag on the user's behalf, and where the flag exists more for the ACL checking than for something inherent to what the user has to tell the driver). The same question applies to my proposed virDomainSnapshotCreateXML2 (there, it would be domain:snapshot instead of domain:block_write as the unconditional permission, but a conditional permission on domain:checkpoint when checkpointXml is non-NULL would be nice to figure out). -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list