From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Inserts the minimal access control checks to the QEMU driver to
protect usage of virDomainObjPtr objects.
---
src/qemu/qemu_driver.c | 631 ++++++++++++++++++++++++++++++++++++++++++--
src/qemu/qemu_migration.c | 5 +
2 files changed, 607 insertions(+), 29 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 0507b43..ce0b68e 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -1151,6 +1151,11 @@ static virDomainPtr qemudDomainLookupByID(virConnectPtr conn,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_GETATTR))
+ goto cleanup;
+
dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
if (dom) dom->id = vm->def->id;
@@ -1178,6 +1183,11 @@ static virDomainPtr qemudDomainLookupByUUID(virConnectPtr conn,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_GETATTR))
+ goto cleanup;
+
dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
if (dom) dom->id = vm->def->id;
@@ -1203,6 +1213,11 @@ static virDomainPtr qemudDomainLookupByName(virConnectPtr conn,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_GETATTR))
+ goto cleanup;
+
dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
if (dom) dom->id = vm->def->id;
@@ -1216,72 +1231,90 @@ cleanup:
static int qemuDomainIsActive(virDomainPtr dom)
{
struct qemud_driver *driver = dom->conn->privateData;
- virDomainObjPtr obj;
+ virDomainObjPtr vm;
int ret = -1;
qemuDriverLock(driver);
- obj = virDomainFindByUUID(&driver->domains, dom->uuid);
+ vm = virDomainFindByUUID(&driver->domains, dom->uuid);
qemuDriverUnlock(driver);
- if (!obj) {
+ if (!vm) {
char uuidstr[VIR_UUID_STRING_BUFLEN];
virUUIDFormat(dom->uuid, uuidstr);
qemuReportError(VIR_ERR_NO_DOMAIN,
_("no domain with matching uuid '%s'"), uuidstr);
goto cleanup;
}
- ret = virDomainObjIsActive(obj);
+
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
+ ret = virDomainObjIsActive(vm);
cleanup:
- if (obj)
- virDomainObjUnlock(obj);
+ if (vm)
+ virDomainObjUnlock(vm);
return ret;
}
static int qemuDomainIsPersistent(virDomainPtr dom)
{
struct qemud_driver *driver = dom->conn->privateData;
- virDomainObjPtr obj;
+ virDomainObjPtr vm;
int ret = -1;
qemuDriverLock(driver);
- obj = virDomainFindByUUID(&driver->domains, dom->uuid);
+ vm = virDomainFindByUUID(&driver->domains, dom->uuid);
qemuDriverUnlock(driver);
- if (!obj) {
+ if (!vm) {
char uuidstr[VIR_UUID_STRING_BUFLEN];
virUUIDFormat(dom->uuid, uuidstr);
qemuReportError(VIR_ERR_NO_DOMAIN,
_("no domain with matching uuid '%s'"), uuidstr);
goto cleanup;
}
- ret = obj->persistent;
+
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
+ ret = vm->persistent;
cleanup:
- if (obj)
- virDomainObjUnlock(obj);
+ if (vm)
+ virDomainObjUnlock(vm);
return ret;
}
static int qemuDomainIsUpdated(virDomainPtr dom)
{
struct qemud_driver *driver = dom->conn->privateData;
- virDomainObjPtr obj;
+ virDomainObjPtr vm;
int ret = -1;
qemuDriverLock(driver);
- obj = virDomainFindByUUID(&driver->domains, dom->uuid);
+ vm = virDomainFindByUUID(&driver->domains, dom->uuid);
qemuDriverUnlock(driver);
- if (!obj) {
+ if (!vm) {
char uuidstr[VIR_UUID_STRING_BUFLEN];
virUUIDFormat(dom->uuid, uuidstr);
qemuReportError(VIR_ERR_NO_DOMAIN,
_("no domain with matching uuid '%s'"), uuidstr);
goto cleanup;
}
- ret = obj->updated;
+
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
+ ret = vm->updated;
cleanup:
- if (obj)
- virDomainObjUnlock(obj);
+ if (vm)
+ virDomainObjUnlock(vm);
return ret;
}
@@ -1303,10 +1336,12 @@ cleanup:
static int qemudListDomains(virConnectPtr conn, int *ids, int nids) {
struct qemud_driver *driver = conn->privateData;
- int n;
+ int n = -1;
qemuDriverLock(driver);
- n = virDomainObjListGetActiveIDs(&driver->domains, ids, nids);
+ if (virAccessManagerCheckConnect(driver->accessManager,
+ VIR_ACCESS_VECTOR_CONNECT_SEARCH_DOMAINS))
+ n = virDomainObjListGetActiveIDs(&driver->domains, ids, nids);
qemuDriverUnlock(driver);
return n;
@@ -1314,10 +1349,12 @@ static int qemudListDomains(virConnectPtr conn, int *ids, int nids) {
static int qemudNumDomains(virConnectPtr conn) {
struct qemud_driver *driver = conn->privateData;
- int n;
+ int n = -1;
qemuDriverLock(driver);
- n = virDomainObjListNumOfDomains(&driver->domains, 1);
+ if (virAccessManagerCheckConnect(driver->accessManager,
+ VIR_ACCESS_VECTOR_CONNECT_SEARCH_DOMAINS))
+ n = virDomainObjListNumOfDomains(&driver->domains, 1);
qemuDriverUnlock(driver);
return n;
@@ -1344,6 +1381,15 @@ static virDomainPtr qemudDomainCreate(virConnectPtr conn, const char *xml,
if (virSecurityManagerVerify(driver->securityManager, def) < 0)
goto cleanup;
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ def,
+ VIR_ACCESS_VECTOR_DOMAIN_WRITE))
+ goto cleanup;
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ def,
+ VIR_ACCESS_VECTOR_DOMAIN_START))
+ goto cleanup;
+
if (virDomainObjIsDuplicate(&driver->domains, def, 1) < 0)
goto cleanup;
@@ -1435,6 +1481,11 @@ static int qemudDomainSuspend(virDomainPtr dom) {
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_SUSPEND))
+ goto cleanup;
+
priv = vm->privateData;
if (priv->job.asyncJob == QEMU_ASYNC_JOB_MIGRATION_OUT) {
@@ -1497,6 +1548,11 @@ static int qemudDomainResume(virDomainPtr dom) {
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_SUSPEND))
+ goto cleanup;
+
if (qemuDomainObjBeginJobWithDriver(driver, vm, QEMU_JOB_MODIFY) < 0)
goto cleanup;
@@ -1554,6 +1610,11 @@ static int qemuDomainShutdown(virDomainPtr dom) {
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_SHUTDOWN))
+ goto cleanup;
+
if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
goto cleanup;
@@ -1601,6 +1662,11 @@ static int qemuDomainReboot(virDomainPtr dom, unsigned int flags) {
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_REBOOT))
+ goto cleanup;
+
priv = vm->privateData;
if (qemuCapsGet(priv->qemuCaps, QEMU_CAPS_MONITOR_JSON)) {
@@ -1663,6 +1729,11 @@ qemuDomainReset(virDomainPtr dom, unsigned int flags)
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_RESET))
+ goto cleanup;
+
if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
goto cleanup;
@@ -1725,6 +1796,11 @@ qemuDomainDestroyFlags(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_STOP))
+ goto cleanup;
+
priv = vm->privateData;
qemuDomainSetFakeReboot(driver, vm, false);
@@ -1801,6 +1877,11 @@ static char *qemudDomainGetOSType(virDomainPtr dom) {
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
if (!(type = strdup(vm->def->os.type)))
virReportOOMError();
@@ -1828,6 +1909,11 @@ static unsigned long qemudDomainGetMaxMemory(virDomainPtr dom) {
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
ret = vm->def->mem.max_balloon;
cleanup:
@@ -1859,6 +1945,17 @@ static int qemudDomainSetMemoryFlags(virDomainPtr dom, unsigned long newmem,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_WRITE))
+ goto cleanup;
+ if ((flags & VIR_DOMAIN_AFFECT_CONFIG) &&
+ !virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
+
if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
goto cleanup;
@@ -1961,6 +2058,11 @@ static int qemuDomainInjectNMI(virDomainPtr domain, unsigned int flags)
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_INJECT_NMI))
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
qemuReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("domain is not running"));
@@ -2038,6 +2140,11 @@ static int qemuDomainSendKey(virDomainPtr domain,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_SEND_KEY))
+ goto cleanup;
+
priv = vm->privateData;
if (qemuDomainObjBeginJobWithDriver(driver, vm, QEMU_JOB_MODIFY) < 0)
@@ -2084,6 +2191,11 @@ static int qemudDomainGetInfo(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
info->state = virDomainObjGetState(vm, NULL);
if (!virDomainObjIsActive(vm)) {
@@ -2171,6 +2283,11 @@ qemuDomainGetState(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
*state = virDomainObjGetState(vm, reason);
ret = 0;
@@ -2204,6 +2321,11 @@ qemuDomainGetControlInfo(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
qemuReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("domain is not running"));
@@ -2706,6 +2828,15 @@ qemuDomainSaveFlags(virDomainPtr dom, const char *path, const char *dxml,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_STOP))
+ goto cleanup;
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_HIBERNATE))
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
qemuReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("domain is not running"));
@@ -2765,6 +2896,15 @@ qemuDomainManagedSave(virDomainPtr dom, unsigned int flags)
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_STOP))
+ goto cleanup;
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_HIBERNATE))
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
qemuReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("domain is not running"));
@@ -2816,6 +2956,11 @@ qemuDomainHasManagedSaveImage(virDomainPtr dom, unsigned int flags)
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
name = qemuDomainManagedSavePath(driver, vm);
if (name == NULL)
goto cleanup;
@@ -2850,6 +2995,11 @@ qemuDomainManagedSaveRemove(virDomainPtr dom, unsigned int flags)
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_WRITE))
+ goto cleanup;
+
name = qemuDomainManagedSavePath(driver, vm);
if (name == NULL)
goto cleanup;
@@ -2974,6 +3124,21 @@ static int qemudDomainCoreDump(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_CORE_DUMP))
+ goto cleanup;
+ if (!(flags & VIR_DUMP_LIVE) &&
+ !virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_SUSPEND))
+ goto cleanup;
+ if ((flags & VIR_DUMP_CRASH) &&
+ !virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_STOP))
+ goto cleanup;
+
if (qemuDomainObjBeginAsyncJobWithDriver(driver, vm,
QEMU_ASYNC_JOB_DUMP) < 0)
goto cleanup;
@@ -3084,6 +3249,11 @@ qemuDomainScreenshot(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_SCREENSHOT))
+ goto cleanup;
+
priv = vm->privateData;
if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0)
@@ -3310,6 +3480,16 @@ qemuDomainSetVcpusFlags(virDomainPtr dom, unsigned int nvcpus,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_WRITE))
+ goto cleanup;
+ if ((flags & VIR_DOMAIN_AFFECT_CONFIG) &&
+ !virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_SAVE))
+ goto cleanup;
+
if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
goto cleanup;
@@ -3428,6 +3608,16 @@ qemudDomainPinVcpuFlags(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+ if ((flags & VIR_DOMAIN_AFFECT_CONFIG) &&
+ !virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_SAVE))
+ goto cleanup;
+
if (virDomainLiveConfigHelperMethod(driver->caps, vm, &flags,
&persistentDef) < 0)
goto cleanup;
@@ -3561,6 +3751,11 @@ qemudDomainGetVcpuPinInfo(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
if (virDomainLiveConfigHelperMethod(driver->caps, vm, &flags,
&targetDef) < 0)
goto cleanup;
@@ -3640,6 +3835,11 @@ qemudDomainGetVcpus(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
qemuReportError(VIR_ERR_OPERATION_INVALID,
"%s",
@@ -3730,6 +3930,11 @@ qemudDomainGetVcpusFlags(virDomainPtr dom, unsigned int flags)
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
if (virDomainLiveConfigHelperMethod(driver->caps, vm, &flags, &def) < 0)
goto cleanup;
@@ -3771,6 +3976,11 @@ static int qemudDomainGetSecurityLabel(virDomainPtr dom, virSecurityLabelPtr sec
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
if (!virDomainVirtTypeToString(vm->def->virtType)) {
qemuReportError(VIR_ERR_INTERNAL_ERROR,
_("unknown virt type in domain definition '%d'"),
@@ -4140,6 +4350,11 @@ qemuDomainRestoreFlags(virConnectPtr conn,
if (fd < 0)
goto cleanup;
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ def,
+ VIR_ACCESS_VECTOR_DOMAIN_START))
+ goto cleanup;
+
if (virDomainObjIsDuplicate(&driver->domains, def, 1) < 0)
goto cleanup;
@@ -4204,6 +4419,11 @@ qemuDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *path,
if (fd < 0)
goto cleanup;
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
ret = qemuDomainDefFormatXML(driver, def, flags);
cleanup:
@@ -4246,6 +4466,15 @@ qemuDomainSaveImageDefineXML(virConnectPtr conn, const char *path,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ def,
+ VIR_ACCESS_VECTOR_DOMAIN_WRITE))
+ goto cleanup;
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ def,
+ VIR_ACCESS_VECTOR_DOMAIN_SAVE))
+ goto cleanup;
+
xml = qemuDomainDefFormatXML(driver, def, (VIR_DOMAIN_XML_INACTIVE |
VIR_DOMAIN_XML_SECURE));
if (!xml)
@@ -4360,6 +4589,16 @@ static char *qemuDomainGetXMLDesc(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+ if ((flags & VIR_DOMAIN_XML_SECURE) &&
+ !virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ_SECURE))
+ goto cleanup;
+
/* Refresh current memory based on balloon info if supported */
if ((vm->def->memballoon != NULL) &&
(vm->def->memballoon->model != VIR_DOMAIN_MEMBALLOON_MODEL_NONE) &&
@@ -4576,20 +4815,24 @@ cleanup:
static int qemudListDefinedDomains(virConnectPtr conn,
char **const names, int nnames) {
struct qemud_driver *driver = conn->privateData;
- int n;
+ int n = -1;
qemuDriverLock(driver);
- n = virDomainObjListGetInactiveNames(&driver->domains, names, nnames);
+ if (virAccessManagerCheckConnect(driver->accessManager,
+ VIR_ACCESS_VECTOR_CONNECT_SEARCH_DOMAINS))
+ n = virDomainObjListGetInactiveNames(&driver->domains, names, nnames);
qemuDriverUnlock(driver);
return n;
}
static int qemudNumDefinedDomains(virConnectPtr conn) {
struct qemud_driver *driver = conn->privateData;
- int n;
+ int n = -1;
qemuDriverLock(driver);
- n = virDomainObjListNumOfDomains(&driver->domains, 0);
+ if (virAccessManagerCheckConnect(driver->accessManager,
+ VIR_ACCESS_VECTOR_CONNECT_SEARCH_DOMAINS))
+ n = virDomainObjListNumOfDomains(&driver->domains, 0);
qemuDriverUnlock(driver);
return n;
@@ -4687,6 +4930,11 @@ qemuDomainStartWithFlags(virDomainPtr dom, unsigned int flags)
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_START))
+ goto cleanup;
+
if (qemuDomainObjBeginJobWithDriver(driver, vm, QEMU_JOB_MODIFY) < 0)
goto cleanup;
@@ -4835,6 +5083,15 @@ static virDomainPtr qemudDomainDefine(virConnectPtr conn, const char *xml) {
if (virSecurityManagerVerify(driver->securityManager, def) < 0)
goto cleanup;
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_WRITE))
+ goto cleanup;
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_SAVE))
+ goto cleanup;
+
if ((dupVM = virDomainObjIsDuplicate(&driver->domains, def, 0)) < 0)
goto cleanup;
@@ -4905,6 +5162,11 @@ qemuDomainUndefineFlags(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_DELETE))
+ goto cleanup;
+
if (!vm->persistent) {
qemuReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("cannot undefine transient domain"));
@@ -5515,6 +5777,17 @@ qemuDomainModifyDeviceFlags(virDomainPtr dom, const char *xml,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_WRITE))
+ goto cleanup;
+
+ if ((flags & VIR_DOMAIN_AFFECT_CONFIG) &&
+ !virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_SAVE))
+ goto cleanup;
+
if (qemuDomainObjBeginJobWithDriver(driver, vm, QEMU_JOB_MODIFY) < 0)
goto cleanup;
@@ -5682,6 +5955,11 @@ static int qemudDomainGetAutostart(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
*autostart = vm->autostart;
ret = 0;
@@ -5709,6 +5987,15 @@ static int qemudDomainSetAutostart(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_WRITE))
+ goto cleanup;
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_SAVE))
+ goto cleanup;
+
if (!vm->persistent) {
qemuReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("cannot set autostart for transient domain"));
@@ -5799,8 +6086,22 @@ static char *qemuGetSchedulerType(virDomainPtr dom,
struct qemud_driver *driver = dom->conn->privateData;
char *ret = NULL;
int rc;
+ virDomainObjPtr vm = NULL;
qemuDriverLock(driver);
+ vm = virDomainFindByUUID(&driver->domains, dom->uuid);
+
+ if (vm == NULL) {
+ qemuReportError(VIR_ERR_INTERNAL_ERROR,
+ _("No such domain %s"), dom->uuid);
+ goto cleanup;
+ }
+
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
if (!qemuCgroupControllerActive(driver, VIR_CGROUP_CONTROLLER_CPU)) {
qemuReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("cgroup CPU controller is not mounted"));
@@ -5822,6 +6123,8 @@ static char *qemuGetSchedulerType(virDomainPtr dom,
virReportOOMError();
cleanup:
+ if (vm)
+ virDomainObjUnlock(vm);
qemuDriverUnlock(driver);
return ret;
}
@@ -5944,9 +6247,9 @@ qemuDomainMergeDeviceWeights(virBlkioDeviceWeightPtr *def, size_t *def_size,
}
static int qemuDomainSetBlkioParameters(virDomainPtr dom,
- virTypedParameterPtr params,
- int nparams,
- unsigned int flags)
+ virTypedParameterPtr params,
+ int nparams,
+ unsigned int flags)
{
struct qemud_driver *driver = dom->conn->privateData;
int i;
@@ -5967,6 +6270,16 @@ static int qemuDomainSetBlkioParameters(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_WRITE))
+ goto cleanup;
+ if ((flags & VIR_DOMAIN_AFFECT_CONFIG) &&
+ !virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_SAVE))
+ goto cleanup;
+
if (virDomainLiveConfigHelperMethod(driver->caps, vm, &flags,
&persistentDef) < 0)
goto cleanup;
@@ -6156,6 +6469,11 @@ static int qemuDomainGetBlkioParameters(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
if ((*nparams) == 0) {
/* Current number of blkio parameters supported by cgroups */
*nparams = QEMU_NB_BLKIO_PARAM;
@@ -6349,6 +6667,16 @@ static int qemuDomainSetMemoryParameters(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_WRITE))
+ goto cleanup;
+ if ((flags & VIR_DOMAIN_AFFECT_CONFIG) &&
+ !virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_SAVE))
+ goto cleanup;
+
if (virDomainLiveConfigHelperMethod(driver->caps, vm, &flags,
&persistentDef) < 0)
goto cleanup;
@@ -6489,6 +6817,11 @@ static int qemuDomainGetMemoryParameters(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
if (virDomainLiveConfigHelperMethod(driver->caps, vm, &flags,
&persistentDef) < 0)
goto cleanup;
@@ -6664,6 +6997,16 @@ qemuDomainSetNumaParameters(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_WRITE))
+ goto cleanup;
+ if ((flags & VIR_DOMAIN_AFFECT_CONFIG) &&
+ !virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_SAVE))
+ goto cleanup;
+
if (virDomainLiveConfigHelperMethod(driver->caps, vm, &flags,
&persistentDef) < 0)
goto cleanup;
@@ -6846,6 +7189,11 @@ qemuDomainGetNumaParameters(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
if (virDomainLiveConfigHelperMethod(driver->caps, vm, &flags,
&persistentDef) < 0)
goto cleanup;
@@ -7070,6 +7418,16 @@ static int qemuSetSchedulerParametersFlags(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_WRITE))
+ goto cleanup;
+ if ((flags & VIR_DOMAIN_AFFECT_CONFIG) &&
+ !virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_SAVE))
+ goto cleanup;
+
if (virDomainLiveConfigHelperMethod(driver->caps, vm, &flags,
&vmdef) < 0)
goto cleanup;
@@ -7307,6 +7665,11 @@ qemuGetSchedulerParametersFlags(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
if (virDomainLiveConfigHelperMethod(driver->caps, vm, &flags,
&persistentDef) < 0)
goto cleanup;
@@ -7452,6 +7815,11 @@ qemuDomainBlockResize (virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_WRITE))
+ goto cleanup;
+
priv = vm->privateData;
if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
@@ -7522,6 +7890,11 @@ qemuDomainBlockStats(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
qemuReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("domain is not running"));
@@ -7607,6 +7980,11 @@ qemuDomainBlockStatsFlags(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
qemuReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("domain is not running"));
@@ -7820,6 +8198,11 @@ qemudDomainInterfaceStats (virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
qemuReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("domain is not running"));
@@ -7886,6 +8269,16 @@ qemuDomainSetInterfaceParameters(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_WRITE))
+ goto cleanup;
+ if ((flags & VIR_DOMAIN_AFFECT_CONFIG) &&
+ !virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_SAVE))
+ goto cleanup;
+
if (virDomainLiveConfigHelperMethod(driver->caps, vm, &flags,
&persistentDef) < 0)
goto cleanup;
@@ -8108,6 +8501,11 @@ qemuDomainGetInterfaceParameters(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
if (virDomainLiveConfigHelperMethod(driver->caps, vm, &flags,
&persistentDef) < 0)
goto cleanup;
@@ -8237,6 +8635,11 @@ qemudDomainMemoryStats (virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0)
goto cleanup;
@@ -8285,6 +8688,11 @@ qemudDomainBlockPeek (virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ_BLOCK))
+ goto cleanup;
+
if (!path || path[0] == '\0') {
qemuReportError(VIR_ERR_INVALID_ARG,
"%s", _("NULL or empty path"));
@@ -8353,6 +8761,11 @@ qemudDomainMemoryPeek (virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ_MEM))
+ goto cleanup;
+
if (flags != VIR_MEMORY_VIRTUAL && flags != VIR_MEMORY_PHYSICAL) {
qemuReportError(VIR_ERR_INVALID_ARG,
"%s", _("flags parameter must be VIR_MEMORY_VIRTUAL or VIR_MEMORY_PHYSICAL"));
@@ -8450,6 +8863,11 @@ static int qemuDomainGetBlockInfo(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
if (!path || path[0] == '\0') {
qemuReportError(VIR_ERR_INVALID_ARG,
"%s", _("NULL or empty path"));
@@ -8813,6 +9231,11 @@ qemudDomainMigratePerform (virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_MIGRATE))
+ goto cleanup;
+
if (flags & VIR_MIGRATE_PEER2PEER) {
dconnuri = uri;
uri = NULL;
@@ -8859,6 +9282,11 @@ qemudDomainMigrateFinish2 (virConnectPtr dconn,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_MIGRATE))
+ goto cleanup;
+
/* Do not use cookies in v2 protocol, since the cookie
* length was not sufficiently large, causing failures
* migrating between old & new libvirtd
@@ -8902,6 +9330,11 @@ qemuDomainMigrateBegin3(virDomainPtr domain,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_MIGRATE))
+ goto cleanup;
+
if ((flags & VIR_MIGRATE_CHANGE_PROTECTION)) {
if (qemuMigrationJobStart(driver, vm, QEMU_ASYNC_JOB_MIGRATION_OUT) < 0)
goto cleanup;
@@ -9083,6 +9516,11 @@ qemuDomainMigratePerform3(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_MIGRATE))
+ goto cleanup;
+
ret = qemuMigrationPerform(driver, dom->conn, vm, xmlin,
dconnuri, uri, cookiein, cookieinlen,
cookieout, cookieoutlen,
@@ -9120,6 +9558,11 @@ qemuDomainMigrateFinish3(virConnectPtr dconn,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_MIGRATE))
+ goto cleanup;
+
dom = qemuMigrationFinish(driver, dconn, vm,
cookiein, cookieinlen,
cookieout, cookieoutlen,
@@ -9154,6 +9597,11 @@ qemuDomainMigrateConfirm3(virDomainPtr domain,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_MIGRATE))
+ goto cleanup;
+
if (!qemuMigrationJobIsActive(vm, QEMU_ASYNC_JOB_MIGRATION_OUT))
goto cleanup;
@@ -9394,6 +9842,11 @@ static int qemuDomainGetJobInfo(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
priv = vm->privateData;
if (virDomainObjIsActive(vm)) {
@@ -9444,6 +9897,11 @@ static int qemuDomainAbortJob(virDomainPtr dom) {
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_WRITE))
+ goto cleanup;
+
if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_ABORT) < 0)
goto cleanup;
@@ -9506,6 +9964,11 @@ qemuDomainMigrateSetMaxDowntime(virDomainPtr dom,
return -1;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_MIGRATE))
+ goto cleanup;
+
if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MIGRATION_OP) < 0)
goto cleanup;
@@ -9562,6 +10025,11 @@ qemuDomainMigrateSetMaxSpeed(virDomainPtr dom,
return -1;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_MIGRATE))
+ goto cleanup;
+
priv = vm->privateData;
if (virDomainObjIsActive(vm)) {
if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MIGRATION_OP) < 0)
@@ -9619,6 +10087,11 @@ qemuDomainMigrateGetMaxSpeed(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_MIGRATE))
+ goto cleanup;
+
priv = vm->privateData;
*bandwidth = priv->migMaxBandwidth;
ret = 0;
@@ -10098,6 +10571,11 @@ qemuDomainSnapshotCreateXML(virDomainPtr domain,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_SNAPSHOT))
+ goto cleanup;
+
if (qemuProcessAutoDestroyActive(driver, vm)) {
qemuReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("domain is marked for auto destroy"));
@@ -10351,6 +10829,11 @@ static int qemuDomainSnapshotListNames(virDomainPtr domain, char **names,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
n = virDomainSnapshotObjListGetNames(&vm->snapshots, names, nameslen,
flags);
@@ -10382,6 +10865,11 @@ static int qemuDomainSnapshotNum(virDomainPtr domain,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
/* All qemu snapshots have libvirt metadata, so
* VIR_DOMAIN_SNAPSHOT_LIST_METADATA makes no difference to our
* answer. */
@@ -10420,6 +10908,11 @@ qemuDomainSnapshotListChildrenNames(virDomainSnapshotPtr snapshot,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
snap = virDomainSnapshotFindByName(&vm->snapshots, snapshot->name);
if (!snap) {
qemuReportError(VIR_ERR_NO_DOMAIN_SNAPSHOT,
@@ -10460,6 +10953,11 @@ qemuDomainSnapshotNumChildren(virDomainSnapshotPtr snapshot,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
snap = virDomainSnapshotFindByName(&vm->snapshots, snapshot->name);
if (!snap) {
qemuReportError(VIR_ERR_NO_DOMAIN_SNAPSHOT,
@@ -10502,6 +11000,11 @@ static virDomainSnapshotPtr qemuDomainSnapshotLookupByName(virDomainPtr domain,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
snap = virDomainSnapshotFindByName(&vm->snapshots, name);
if (!snap) {
qemuReportError(VIR_ERR_NO_DOMAIN_SNAPSHOT,
@@ -10537,6 +11040,11 @@ static int qemuDomainHasCurrentSnapshot(virDomainPtr domain,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
ret = (vm->current_snapshot != NULL);
cleanup:
@@ -10567,6 +11075,11 @@ qemuDomainSnapshotGetParent(virDomainSnapshotPtr snapshot,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
snap = virDomainSnapshotFindByName(&vm->snapshots, snapshot->name);
if (!snap) {
qemuReportError(VIR_ERR_NO_DOMAIN_SNAPSHOT,
@@ -10610,6 +11123,11 @@ static virDomainSnapshotPtr qemuDomainSnapshotCurrent(virDomainPtr domain,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
if (!vm->current_snapshot) {
qemuReportError(VIR_ERR_NO_DOMAIN_SNAPSHOT, "%s",
_("the domain does not have a current snapshot"));
@@ -10645,6 +11163,11 @@ static char *qemuDomainSnapshotGetXMLDesc(virDomainSnapshotPtr snapshot,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
snap = virDomainSnapshotFindByName(&vm->snapshots, snapshot->name);
if (!snap) {
qemuReportError(VIR_ERR_NO_DOMAIN_SNAPSHOT,
@@ -10715,6 +11238,11 @@ static int qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_SNAPSHOT))
+ goto cleanup;
+
snap = virDomainSnapshotFindByName(&vm->snapshots, snapshot->name);
if (!snap) {
qemuReportError(VIR_ERR_NO_DOMAIN_SNAPSHOT,
@@ -11076,6 +11604,11 @@ static int qemuDomainSnapshotDelete(virDomainSnapshotPtr snapshot,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_SNAPSHOT))
+ goto cleanup;
+
snap = virDomainSnapshotFindByName(&vm->snapshots, snapshot->name);
if (!snap) {
qemuReportError(VIR_ERR_NO_DOMAIN_SNAPSHOT,
@@ -11193,6 +11726,11 @@ static int qemuDomainMonitorCommand(virDomainPtr domain, const char *cmd,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_WRITE))
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
qemuReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("domain is not running"));
@@ -11251,6 +11789,11 @@ static virDomainPtr qemuDomainAttach(virConnectPtr conn,
&pidfile, &monConfig, &monJSON)))
goto cleanup;
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_START))
+ goto cleanup;
+
if (!monConfig) {
qemuReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("No monitor connection for pid %u"),
@@ -11341,6 +11884,11 @@ qemuDomainOpenConsole(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_OPEN_CONSOLE))
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
qemuReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("domain is not running"));
@@ -11447,6 +11995,11 @@ qemuDomainBlockJobImpl(virDomainPtr dom, const char *path,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_WRITE))
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
qemuReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("domain is not running"));
@@ -11547,6 +12100,11 @@ qemuDomainOpenGraphics(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_OPEN_GRAPHICS))
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
qemuReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("domain is not running"));
@@ -11624,6 +12182,16 @@ qemuDomainSetBlockIoTune(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_WRITE))
+ goto cleanup;
+ if ((flags & VIR_DOMAIN_AFFECT_CONFIG) &&
+ !virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_SAVE))
+ goto cleanup;
+
device = qemuDiskPathToAlias(vm, disk);
if (!device) {
goto cleanup;
@@ -11753,6 +12321,11 @@ qemuDomainGetBlockIoTune(virDomainPtr dom,
goto cleanup;
}
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_READ))
+ goto cleanup;
+
if ((*nparams) == 0) {
/* Current number of parameters supported by QEMU Block I/O Throttling */
*nparams = QEMU_NB_BLOCK_IO_TUNE_PARAM;
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 8453a47..554e0e6 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -1105,6 +1105,11 @@ qemuMigrationPrepareAny(struct qemud_driver *driver,
VIR_DOMAIN_XML_INACTIVE)))
goto cleanup;
+ if (!virAccessManagerCheckDomain(driver->accessManager,
+ vm->def,
+ VIR_ACCESS_VECTOR_DOMAIN_MIGRATE))
+ goto cleanup;
+
if (!qemuMigrationIsAllowed(driver, NULL, def))
goto cleanup;
--
1.7.7.5
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list