Creating a checkpoint does not modify guest-visible state, but does modify host resources. Rather than reuse existing domain:write, domain:block_write, or domain:snapshot access controls, it seems better to introduce a new access control specific to tasks related to checkpoints and incremental backups of guest disk state. Signed-off-by: Eric Blake <eblake@xxxxxxxxxx> Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> --- src/access/viraccessperm.h | 6 ++++++ src/access/viraccessperm.c | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/access/viraccessperm.h b/src/access/viraccessperm.h index ed1f7168ca..bf152d1dc3 100644 --- a/src/access/viraccessperm.h +++ b/src/access/viraccessperm.h @@ -187,6 +187,12 @@ typedef enum { */ VIR_ACCESS_PERM_DOMAIN_MIGRATE, /* Host migration */ + /** + * @desc: Checkpoint domain + * @message: Checkpointing domain requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_CHECKPOINT, /* Checkpoint disks */ + /** * @desc: Snapshot domain * @message: Snapshotting domain requires authorization diff --git a/src/access/viraccessperm.c b/src/access/viraccessperm.c index 67f751ef9c..b74b28f55b 100644 --- a/src/access/viraccessperm.c +++ b/src/access/viraccessperm.c @@ -39,7 +39,8 @@ VIR_ENUM_IMPL(virAccessPermDomain, "getattr", "read", "write", "read_secure", "start", "stop", "reset", "save", "delete", - "migrate", "snapshot", "suspend", "hibernate", "core_dump", "pm_control", + "migrate", "checkpoint", "snapshot", "suspend", "hibernate", + "core_dump", "pm_control", "init_control", "inject_nmi", "send_input", "send_signal", "fs_trim", "fs_freeze", "block_read", "block_write", "mem_read", -- 2.20.1 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list