Commit 7efe930ec3c introduced interlock of snapshots and checkpoints,
but the check is executed prior to the snapshot API ACL check. This
means that an unauthorized user can see whether a VM exists if it has a
checkpoint.
Move the checks to proper places.
Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
Given that currently checkpoints by themselves are not very useful I
doubt that there are users which could hit this. Thus I'm sending it
also directly to the public mailing list for faster turnaround.
src/qemu/qemu_driver.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 0753904472..f7f059b6d6 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -15902,18 +15902,18 @@ qemuDomainSnapshotCreateXML(virDomainPtr domain,
if (!(vm = qemuDomObjFromDomain(domain)))
goto cleanup;
- if (virDomainListCheckpoints(vm->checkpoints, NULL, domain, NULL, 0) > 0) {
- virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
- _("cannot create snapshot while checkpoint exists"));
- goto cleanup;
- }
-
priv = vm->privateData;
cfg = virQEMUDriverGetConfig(driver);
if (virDomainSnapshotCreateXMLEnsureACL(domain->conn, vm->def, flags) < 0)
goto cleanup;
+ if (virDomainListCheckpoints(vm->checkpoints, NULL, domain, NULL, 0) > 0) {
+ virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+ _("cannot create snapshot while checkpoint exists"));
+ goto cleanup;
+ }
+
if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
goto cleanup;
--
2.21.0
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
