On Mon, May 20, 2013 at 12:14:04PM -0600, Jim Fehlig wrote:
> Daniel P. Berrange wrote:
> > From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
> >
> > Introduce use of a virDomainDefPtr in the domain VCPU
> > APIs to simplify introduction of ACL security checks.
> > The virDomainPtr cannot be safely used, since the app
> > may have supplied mis-matching name/uuid/id fields. eg
> > the name points to domain X, while the uuid points to
> > domain Y. Resolving the virDomainPtr to a virDomainDefPtr
> > ensures a consistent name/uuid/id set.
> >
> > Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
> > ---
> > src/xen/xen_driver.c | 84 ++++++++++++++++++++++++++++++++++++++++--------
> > src/xen/xen_hypervisor.c | 42 ++++++++++++------------
> > src/xen/xen_hypervisor.h | 9 ++++--
> > src/xen/xend_internal.c | 81 ++++++++++++++++++++++++++--------------------
> > src/xen/xend_internal.h | 17 ++++++----
> > src/xen/xm_internal.c | 30 +++++++++--------
> > src/xen/xm_internal.h | 19 ++++++++---
> > 7 files changed, 187 insertions(+), 95 deletions(-)
> >
> > diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
> > index 8b7dec9..04cb69d 100644
> > --- a/src/xen/xen_driver.c
> > +++ b/src/xen/xen_driver.c
> > @@ -647,11 +647,30 @@ xenUnifiedConnectNumOfDomains(virConnectPtr conn)
> >
> > static virDomainPtr
> > xenUnifiedDomainCreateXML(virConnectPtr conn,
> > - const char *xmlDesc, unsigned int flags)
> > + const char *xml,
> > + unsigned int flags)
> > {
> > + xenUnifiedPrivatePtr priv = conn->privateData;
> > + virDomainDefPtr def = NULL;
> > + virDomainPtr ret = NULL;
> > +
> > virCheckFlags(0, NULL);
> >
> > - return xenDaemonCreateXML(conn, xmlDesc);
> > + if (!(def = virDomainDefParseString(xml, priv->caps, priv->xmlopt,
> > + 1 << VIR_DOMAIN_VIRT_XEN,
> > + VIR_DOMAIN_XML_INACTIVE)))
> > + goto cleanup;
> > +
> > + if (xenDaemonCreateXML(conn, def) < 0)
> > + goto cleanup;
> > +
> > + ret = virGetDomain(conn, def->name, def->uuid);
> > + if (ret)
> > + ret->id = def->id;
> > +
> > +cleanup:
> > + virDomainDefFree(def);
> > + return ret;
> > }
> >
>
> Should this hunk be in patch 2? Or perhaps it was meant for patch 5?
Hmm, actually, yes, it should be in the previous patch.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list