[PATCH 06/19] Add ACL annotations to all RPC messages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>

Introduce annotations to all RPC messages to declare what
access control checks are required. There are two new
annotations defined:

 @acl: <object>:<permission>
 @acl: <object>:<permission>:<flagname>

  Declare the access control requirements for the API. May be repeated
  multiple times, if multiple rules are required.

    <object> is one of 'connect', 'domain', 'network', 'storagepool',
             'interface', 'nodedev', 'secret'.
    <permission> is one of the permissions in access/viraccessperm.h
    <flagname> indicates the rule only applies if the named flag
    is set in the API call

 @aclfilter: <object>:<permission>

  Declare an access control filter that will be applied to a list
  of objects being returned by an API. This allows the returned
  list to be filtered to only show those the user has permissions
  against

Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
 src/locking/lock_protocol.x  |   8 +
 src/remote/lxc_protocol.x    |   1 +
 src/remote/qemu_protocol.x   |   4 +
 src/remote/remote_protocol.x | 406 +++++++++++++++++++++++++++++++++++++++++++
 src/rpc/gendispatch.pl       |   2 +-
 5 files changed, 420 insertions(+), 1 deletion(-)

diff --git a/src/locking/lock_protocol.x b/src/locking/lock_protocol.x
index f69f2e8..354d51a 100644
--- a/src/locking/lock_protocol.x
+++ b/src/locking/lock_protocol.x
@@ -105,41 +105,49 @@ enum virLockSpaceProtocolProcedure {
 
     /**
      * @generate: none
+     * @acl: none
      */
     VIR_LOCK_SPACE_PROTOCOL_PROC_REGISTER = 1,
 
     /**
      * @generate: none
+     * @acl: none
      */
     VIR_LOCK_SPACE_PROTOCOL_PROC_RESTRICT = 2,
 
     /**
      * @generate: none
+     * @acl: none
      */
     VIR_LOCK_SPACE_PROTOCOL_PROC_NEW = 3,
 
     /**
      * @generate: none
+     * @acl: none
      */
     VIR_LOCK_SPACE_PROTOCOL_PROC_CREATE_RESOURCE = 4,
 
     /**
      * @generate: none
+     * @acl: none
      */
     VIR_LOCK_SPACE_PROTOCOL_PROC_DELETE_RESOURCE = 5,
 
     /**
      * @generate: none
+     * @acl: none
      */
     VIR_LOCK_SPACE_PROTOCOL_PROC_ACQUIRE_RESOURCE = 6,
 
     /**
      * @generate: none
+     * @acl: none
      */
     VIR_LOCK_SPACE_PROTOCOL_PROC_RELEASE_RESOURCE = 7,
 
     /**
      * @generate: none
+     * @acl: none
      */
     VIR_LOCK_SPACE_PROTOCOL_PROC_CREATE_LOCKSPACE = 8
 };
diff --git a/src/remote/lxc_protocol.x b/src/remote/lxc_protocol.x
index f6cd590..1cde90e 100644
--- a/src/remote/lxc_protocol.x
+++ b/src/remote/lxc_protocol.x
@@ -65,6 +65,7 @@ enum lxc_procedure {
     /**
      * @generate: none
      * @priority: low
+     * @acl: domain:open_namespace
      */
     LXC_PROC_DOMAIN_OPEN_NAMESPACE = 1
 };
diff --git a/src/remote/qemu_protocol.x b/src/remote/qemu_protocol.x
index 63fd92f..1e7cf7c 100644
--- a/src/remote/qemu_protocol.x
+++ b/src/remote/qemu_protocol.x
@@ -91,18 +91,22 @@ enum qemu_procedure {
     /**
      * @generate: none
      * @priority: low
+     * @acl: domain:write
      */
     QEMU_PROC_DOMAIN_MONITOR_COMMAND = 1,
 
     /**
      * @generate: both
      * @priority: low
+     * @acl: domain:start
+     * @acl: domain:write
      */
     QEMU_PROC_DOMAIN_ATTACH = 2,
 
     /**
      * @generate: both
      * @priority: low
+     * @acl: domain:write
      */
     QEMU_PROC_DOMAIN_AGENT_COMMAND = 3
 };
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
index 9723377..061faaf 100644
--- a/src/remote/remote_protocol.x
+++ b/src/remote/remote_protocol.x
@@ -2775,1664 +2775,2070 @@ enum remote_procedure {
      *   to this rule, e.g. domainDestroy. Other APIs MAY be marked as high
      *   priority. If in doubt, it's safe to choose low. Low is taken as default,
      *   and thus can be left out.
+     *
+     * - @acl: <object>:<permission>
+     * - @acl: <object>:<permission>:<flagname>
+     *
+     *   Declare the access control requirements for the API. May be repeated
+     *   multiple times, if multiple rules are required.
+     *
+     *     <object> is one of 'connect', 'domain', 'network', 'storagepool',
+     *              'interface', 'nodedev', 'secret'.
+     *     <permission> is one of the permissions in access/viraccessperm.h
+     *     <flagname> indicates the rule only applies if the named flag
+     *     is set in the API call
+     *
+     * - @aclfilter: <object>:<permission>
+     *
+     *   Declare an access control filter that will be applied to a list
+     *   of objects being returned by an API. This allows the returned
+     *   list to be filtered to only show those the user has permissions
+     *   against
      */
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: connect:getattr
      */
     REMOTE_PROC_CONNECT_OPEN = 1,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: none
      */
     REMOTE_PROC_CONNECT_CLOSE = 2,
 
     /**
      * @generate: server
      * @priority: high
+     * @acl: connect:getattr
      */
     REMOTE_PROC_CONNECT_GET_TYPE = 3,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:getattr
      */
     REMOTE_PROC_CONNECT_GET_VERSION = 4,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:read
      */
     REMOTE_PROC_CONNECT_GET_MAX_VCPUS = 5,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:read
      */
     REMOTE_PROC_NODE_GET_INFO = 6,
 
     /**
      * @generate: both
+     * @acl: connect:read
      */
     REMOTE_PROC_CONNECT_GET_CAPABILITIES = 7,
 
     /**
      * @generate: both
+     * @acl: domain:write
      */
     REMOTE_PROC_DOMAIN_ATTACH_DEVICE = 8,
 
     /**
      * @generate: server
+     * @acl: domain:start
      */
     REMOTE_PROC_DOMAIN_CREATE = 9,
 
     /**
      * @generate: both
+     * @acl: domain:write
+     * @acl: domain:start
      */
     REMOTE_PROC_DOMAIN_CREATE_XML = 10,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:write
+     * @acl: domain:save
      */
     REMOTE_PROC_DOMAIN_DEFINE_XML = 11,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:stop
      */
     REMOTE_PROC_DOMAIN_DESTROY = 12,
 
     /**
      * @generate: both
+     * @acl: domain:write
      */
     REMOTE_PROC_DOMAIN_DETACH_DEVICE = 13,
 
     /**
      * @generate: both
+     * @acl: domain:read
+     * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE
      */
     REMOTE_PROC_DOMAIN_GET_XML_DESC = 14,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_AUTOSTART = 15,
 
     /**
      * @generate: both
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_INFO = 16,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_MAX_MEMORY = 17,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_MAX_VCPUS = 18,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_OS_TYPE = 19,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_VCPUS = 20,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:search_domains
+     * @aclfilter: domain:getattr
      */
     REMOTE_PROC_CONNECT_LIST_DEFINED_DOMAINS = 21,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:getattr
      */
     REMOTE_PROC_DOMAIN_LOOKUP_BY_ID = 22,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:getattr
      */
     REMOTE_PROC_DOMAIN_LOOKUP_BY_NAME = 23,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:getattr
      */
     REMOTE_PROC_DOMAIN_LOOKUP_BY_UUID = 24,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:search_domains
+     * @aclfilter: domain:getattr
      */
     REMOTE_PROC_CONNECT_NUM_OF_DEFINED_DOMAINS = 25,
 
     /**
      * @generate: both
+     * @acl: domain:write
      */
     REMOTE_PROC_DOMAIN_PIN_VCPU = 26,
 
     /**
      * @generate: both
+     * @acl: domain:init_control
      */
     REMOTE_PROC_DOMAIN_REBOOT = 27,
 
     /**
      * @generate: both
+     * @acl: domain:suspend
      */
     REMOTE_PROC_DOMAIN_RESUME = 28,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:write
      */
     REMOTE_PROC_DOMAIN_SET_AUTOSTART = 29,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:write
      */
     REMOTE_PROC_DOMAIN_SET_MAX_MEMORY = 30,
 
     /**
      * @generate: both
+     * @acl: domain:write
      */
     REMOTE_PROC_DOMAIN_SET_MEMORY = 31,
 
     /**
      * @generate: both
+     * @acl: domain:write
      */
     REMOTE_PROC_DOMAIN_SET_VCPUS = 32,
 
     /**
      * @generate: both
+     * @acl: domain:init_control
      */
     REMOTE_PROC_DOMAIN_SHUTDOWN = 33,
 
     /**
      * @generate: both
+     * @acl: domain:suspend
      */
     REMOTE_PROC_DOMAIN_SUSPEND = 34,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:delete
      */
     REMOTE_PROC_DOMAIN_UNDEFINE = 35,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:search_networks
+     * @aclfilter: network:getattr
      */
     REMOTE_PROC_CONNECT_LIST_DEFINED_NETWORKS = 36,
 
     /**
      * @generate: server
      * @priority: high
+     * @acl: connect:search_domains
+     * @aclfilter: domain:getattr
      */
     REMOTE_PROC_CONNECT_LIST_DOMAINS = 37,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:search_networks
+     * @aclfilter: network:getattr
      */
     REMOTE_PROC_CONNECT_LIST_NETWORKS = 38,
 
     /**
      * @generate: both
+     * @acl: network:start
      */
     REMOTE_PROC_NETWORK_CREATE = 39,
 
     /**
      * @generate: both
+     * @acl: network:write
+     * @acl: network:start
      */
     REMOTE_PROC_NETWORK_CREATE_XML = 40,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: network:write
+     * @acl: network:save
      */
     REMOTE_PROC_NETWORK_DEFINE_XML = 41,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: network:stop
      */
     REMOTE_PROC_NETWORK_DESTROY = 42,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: network:read
      */
     REMOTE_PROC_NETWORK_GET_XML_DESC = 43,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: network:read
      */
     REMOTE_PROC_NETWORK_GET_AUTOSTART = 44,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: network:read
      */
     REMOTE_PROC_NETWORK_GET_BRIDGE_NAME = 45,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: network:getattr
      */
     REMOTE_PROC_NETWORK_LOOKUP_BY_NAME = 46,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: network:getattr
      */
     REMOTE_PROC_NETWORK_LOOKUP_BY_UUID = 47,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: network:write
      */
     REMOTE_PROC_NETWORK_SET_AUTOSTART = 48,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: network:delete
      */
     REMOTE_PROC_NETWORK_UNDEFINE = 49,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:search_networks
+     * @aclfilter: network:getattr
      */
     REMOTE_PROC_CONNECT_NUM_OF_DEFINED_NETWORKS = 50,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:search_domains
+     * @aclfilter: domain:getattr
      */
     REMOTE_PROC_CONNECT_NUM_OF_DOMAINS = 51,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:search_networks
+     * @aclfilter: network:getattr
      */
     REMOTE_PROC_CONNECT_NUM_OF_NETWORKS = 52,
 
     /**
      * @generate: both
+     * @acl: domain:core_dump
      */
     REMOTE_PROC_DOMAIN_CORE_DUMP = 53,
 
     /**
      * @generate: both
+     * @acl: domain:start
+     * @acl: domain:write
      */
     REMOTE_PROC_DOMAIN_RESTORE = 54,
 
     /**
      * @generate: both
+     * @acl: domain:hibernate
      */
     REMOTE_PROC_DOMAIN_SAVE = 55,
 
     /**
      * @generate: none
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_SCHEDULER_TYPE = 56,
 
     /**
      * @generate: client
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_SCHEDULER_PARAMETERS = 57,
 
     /**
      * @generate: both
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_SET_SCHEDULER_PARAMETERS = 58,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:getattr
      */
     REMOTE_PROC_CONNECT_GET_HOSTNAME = 59,
 
     /**
      * @generate: client
      * @priority: high
+     * @acl: connect:getattr
      */
     REMOTE_PROC_CONNECT_SUPPORTS_FEATURE = 60,
 
     /**
      * @generate: none
+     * @acl: domain:migrate
+     * @acl: domain:start
+     * @acl: domain:write
      */
     REMOTE_PROC_DOMAIN_MIGRATE_PREPARE = 61,
 
     /**
      * @generate: both
+     * @acl: domain:migrate
      */
     REMOTE_PROC_DOMAIN_MIGRATE_PERFORM = 62,
 
     /**
      * @generate: both
+     * @acl: domain:migrate
      */
     REMOTE_PROC_DOMAIN_MIGRATE_FINISH = 63,
 
     /**
      * @generate: both
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_BLOCK_STATS = 64,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_INTERFACE_STATS = 65,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: none
      */
     REMOTE_PROC_AUTH_LIST = 66,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: none
      */
     REMOTE_PROC_AUTH_SASL_INIT = 67,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: none
      */
     REMOTE_PROC_AUTH_SASL_START = 68,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: none
      */
     REMOTE_PROC_AUTH_SASL_STEP = 69,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: none
      */
     REMOTE_PROC_AUTH_POLKIT = 70,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:search_storage_pools
+     * @aclfilter: storage_pool:getattr
      */
     REMOTE_PROC_CONNECT_NUM_OF_STORAGE_POOLS = 71,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:search_storage_pools
+     * @aclfilter: storage_pool:getattr
      */
     REMOTE_PROC_CONNECT_LIST_STORAGE_POOLS = 72,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:search_storage_pools
+     * @aclfilter: storage_pool:getattr
      */
     REMOTE_PROC_CONNECT_NUM_OF_DEFINED_STORAGE_POOLS = 73,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:search_storage_pools
+     * @aclfilter: storage_pool:getattr
      */
     REMOTE_PROC_CONNECT_LIST_DEFINED_STORAGE_POOLS = 74,
 
     /**
      * @generate: server
+     * @acl: connect:detect_storage_pools
      */
     REMOTE_PROC_CONNECT_FIND_STORAGE_POOL_SOURCES = 75,
 
     /**
      * @generate: both
+     * @acl: storage_pool:start
+     * @acl: storage_pool:write
      */
     REMOTE_PROC_STORAGE_POOL_CREATE_XML = 76,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: storage_pool:write
+     * @acl: storage_pool:save
      */
     REMOTE_PROC_STORAGE_POOL_DEFINE_XML = 77,
 
     /**
      * @generate: both
+     * @acl: storage_pool:start
      */
     REMOTE_PROC_STORAGE_POOL_CREATE = 78,
 
     /**
      * @generate: both
+     * @acl: storage_pool:format
      */
     REMOTE_PROC_STORAGE_POOL_BUILD = 79,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: storage_pool:stop
      */
     REMOTE_PROC_STORAGE_POOL_DESTROY = 80,
 
     /**
      * @generate: both
+     * @acl: storage_pool:format
      */
     REMOTE_PROC_STORAGE_POOL_DELETE = 81,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: storage_pool:delete
      */
     REMOTE_PROC_STORAGE_POOL_UNDEFINE = 82,
 
     /**
      * @generate: both
+     * @acl: storage_pool:refresh
      */
     REMOTE_PROC_STORAGE_POOL_REFRESH = 83,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: storage_pool:getattr
      */
     REMOTE_PROC_STORAGE_POOL_LOOKUP_BY_NAME = 84,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: storage_pool:getattr
      */
     REMOTE_PROC_STORAGE_POOL_LOOKUP_BY_UUID = 85,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: storage_pool:getattr
      */
     REMOTE_PROC_STORAGE_POOL_LOOKUP_BY_VOLUME = 86,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: storage_pool:read
      */
     REMOTE_PROC_STORAGE_POOL_GET_INFO = 87,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: storage_pool:read
      */
     REMOTE_PROC_STORAGE_POOL_GET_XML_DESC = 88,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: storage_pool:read
      */
     REMOTE_PROC_STORAGE_POOL_GET_AUTOSTART = 89,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: storage_pool:write
      */
     REMOTE_PROC_STORAGE_POOL_SET_AUTOSTART = 90,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: storage_pool:search_storage_vols
+     * @aclfilter: storage_vol:getattr
      */
     REMOTE_PROC_STORAGE_POOL_NUM_OF_VOLUMES = 91,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: storage_pool:search_storage_vols
+     * @aclfilter: storage_vol:getattr
      */
     REMOTE_PROC_STORAGE_POOL_LIST_VOLUMES = 92,
 
     /**
      * @generate: both
+     * @acl: storage_vol:create
      */
     REMOTE_PROC_STORAGE_VOL_CREATE_XML = 93,
 
     /**
      * @generate: both
+     * @acl: storage_vol:delete
      */
     REMOTE_PROC_STORAGE_VOL_DELETE = 94,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: storage_vol:getattr
      */
     REMOTE_PROC_STORAGE_VOL_LOOKUP_BY_NAME = 95,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: storage_vol:getattr
      */
     REMOTE_PROC_STORAGE_VOL_LOOKUP_BY_KEY = 96,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: storage_vol:getattr
      */
     REMOTE_PROC_STORAGE_VOL_LOOKUP_BY_PATH = 97,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: storage_vol:read
      */
     REMOTE_PROC_STORAGE_VOL_GET_INFO = 98,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: storage_vol:read
      */
     REMOTE_PROC_STORAGE_VOL_GET_XML_DESC = 99,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: storage_vol:read
      */
     REMOTE_PROC_STORAGE_VOL_GET_PATH = 100,
 
     /**
      * @generate: server
      * @priority: high
+     * @acl: connect:read
      */
     REMOTE_PROC_NODE_GET_CELLS_FREE_MEMORY = 101,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:read
      */
     REMOTE_PROC_NODE_GET_FREE_MEMORY = 102,
 
     /**
      * @generate: none
+     * @acl: domain:block_read
      */
     REMOTE_PROC_DOMAIN_BLOCK_PEEK = 103,
 
     /**
      * @generate: none
+     * @acl: domain:mem_read
      */
     REMOTE_PROC_DOMAIN_MEMORY_PEEK = 104,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: connect:read
      */
     REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER = 105,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: connect:read
      */
     REMOTE_PROC_CONNECT_DOMAIN_EVENT_DEREGISTER = 106,
 
     /**
      * @generate: both
+     * @acl: none
      */
     REMOTE_PROC_DOMAIN_EVENT_LIFECYCLE = 107,
 
     /**
      * @generate: none
+     * @acl: domain:migrate
+     * @acl: domain:start
+     * @acl: domain:write
      */
     REMOTE_PROC_DOMAIN_MIGRATE_PREPARE2 = 108,
 
     /**
      * @generate: both
+     * @acl: domain:migrate
      */
     REMOTE_PROC_DOMAIN_MIGRATE_FINISH2 = 109,
 
     /**
      * @generate: server
      * @priority: high
+     * @acl: connect:getattr
      */
     REMOTE_PROC_CONNECT_GET_URI = 110,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:search_node_devices
+     * @aclfilter: node_device:getattr
      */
     REMOTE_PROC_NODE_NUM_OF_DEVICES = 111,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:search_node_devices
+     * @aclfilter: node_device:getattr
      */
     REMOTE_PROC_NODE_LIST_DEVICES = 112,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: node_device:getattr
      */
     REMOTE_PROC_NODE_DEVICE_LOOKUP_BY_NAME = 113,
 
     /**
      * @generate: both
+     * @acl: node_device:read
      */
     REMOTE_PROC_NODE_DEVICE_GET_XML_DESC = 114,
 
     /**
      * @generate: client
      * @priority: high
+     * @acl: node_device:read
      */
     REMOTE_PROC_NODE_DEVICE_GET_PARENT = 115,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: node_device:read
      */
     REMOTE_PROC_NODE_DEVICE_NUM_OF_CAPS = 116,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: node_device:read
      */
     REMOTE_PROC_NODE_DEVICE_LIST_CAPS = 117,
 
     /**
      * @generate: server
+     * @acl: node_device:dettach
      */
     REMOTE_PROC_NODE_DEVICE_DETTACH = 118,
 
     /**
      * @generate: server
+     * @acl: node_device:dettach
      */
     REMOTE_PROC_NODE_DEVICE_RE_ATTACH = 119,
 
     /**
      * @generate: server
+     * @acl: node_device:dettach
      */
     REMOTE_PROC_NODE_DEVICE_RESET = 120,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_SECURITY_LABEL = 121,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: connect:read
      */
     REMOTE_PROC_NODE_GET_SECURITY_MODEL = 122,
 
     /**
      * @generate: both
+     * @acl: node_device:write
+     * @acl: node_device:start
      */
     REMOTE_PROC_NODE_DEVICE_CREATE_XML = 123,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: node_device:stop
      */
     REMOTE_PROC_NODE_DEVICE_DESTROY = 124,
 
     /**
      * @generate: both
+     * @acl: storage_vol:create
      */
     REMOTE_PROC_STORAGE_VOL_CREATE_XML_FROM = 125,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:search_interfaces
+     * @aclfilter: interface:getattr
      */
     REMOTE_PROC_CONNECT_NUM_OF_INTERFACES = 126,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:search_interfaces
+     * @aclfilter: interface:getattr
      */
     REMOTE_PROC_CONNECT_LIST_INTERFACES = 127,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: interface:getattr
      */
     REMOTE_PROC_INTERFACE_LOOKUP_BY_NAME = 128,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: interface:getattr
      */
     REMOTE_PROC_INTERFACE_LOOKUP_BY_MAC_STRING = 129,
 
     /**
      * @generate: both
+     * @acl: interface:read
      */
     REMOTE_PROC_INTERFACE_GET_XML_DESC = 130,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: interface:write
+     * @acl: interface:save
      */
     REMOTE_PROC_INTERFACE_DEFINE_XML = 131,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: interface:delete
      */
     REMOTE_PROC_INTERFACE_UNDEFINE = 132,
 
     /**
      * @generate: both
+     * @acl: interface:start
      */
     REMOTE_PROC_INTERFACE_CREATE = 133,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: interface:stop
      */
     REMOTE_PROC_INTERFACE_DESTROY = 134,
 
     /**
      * @generate: both
+     * @acl: connect:read
      */
     REMOTE_PROC_CONNECT_DOMAIN_XML_FROM_NATIVE = 135,
 
     /**
      * @generate: both
+     * @acl: connect:read
      */
     REMOTE_PROC_CONNECT_DOMAIN_XML_TO_NATIVE = 136,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:search_interfaces
+     * @aclfilter: interface:getattr
      */
     REMOTE_PROC_CONNECT_NUM_OF_DEFINED_INTERFACES = 137,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:search_interfaces
+     * @aclfilter: interface:getattr
      */
     REMOTE_PROC_CONNECT_LIST_DEFINED_INTERFACES = 138,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:search_secrets
+     * @aclfilter: secret:getattr
      */
     REMOTE_PROC_CONNECT_NUM_OF_SECRETS = 139,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:search_secrets
+     * @aclfilter: secret:getattr
      */
     REMOTE_PROC_CONNECT_LIST_SECRETS = 140,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: secret:getattr
      */
     REMOTE_PROC_SECRET_LOOKUP_BY_UUID = 141,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: secret:write
+     * @acl: secret:save
      */
     REMOTE_PROC_SECRET_DEFINE_XML = 142,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: secret:read
      */
     REMOTE_PROC_SECRET_GET_XML_DESC = 143,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: secret:write
      */
     REMOTE_PROC_SECRET_SET_VALUE = 144,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: secret:read_secure
      */
     REMOTE_PROC_SECRET_GET_VALUE = 145,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: secret:delete
      */
     REMOTE_PROC_SECRET_UNDEFINE = 146,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: secret:getattr
      */
     REMOTE_PROC_SECRET_LOOKUP_BY_USAGE = 147,
 
     /**
      * @generate: both
      * @writestream: 1
+     * @acl: domain:migrate
+     * @acl: domain:start
+     * @acl: domain:write
      */
     REMOTE_PROC_DOMAIN_MIGRATE_PREPARE_TUNNEL = 148,
 
     /**
      * @generate: server
      * @priority: high
+     * @acl: none
      */
     REMOTE_PROC_CONNECT_IS_SECURE = 149,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_IS_ACTIVE = 150,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_IS_PERSISTENT = 151,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: network:read
      */
     REMOTE_PROC_NETWORK_IS_ACTIVE = 152,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: network:read
      */
     REMOTE_PROC_NETWORK_IS_PERSISTENT = 153,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: storage_pool:read
      */
     REMOTE_PROC_STORAGE_POOL_IS_ACTIVE = 154,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: storage_pool:read
      */
     REMOTE_PROC_STORAGE_POOL_IS_PERSISTENT = 155,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: interface:read
      */
     REMOTE_PROC_INTERFACE_IS_ACTIVE = 156,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:getattr
      */
     REMOTE_PROC_CONNECT_GET_LIB_VERSION = 157,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:read
      */
     REMOTE_PROC_CONNECT_COMPARE_CPU = 158,
 
     /**
      * @generate: none
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_MEMORY_STATS = 159,
 
     /**
      * @generate: both
+     * @acl: domain:write
+     * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE
+     * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG
      */
     REMOTE_PROC_DOMAIN_ATTACH_DEVICE_FLAGS = 160,
 
     /**
      * @generate: both
+     * @acl: domain:write
+     * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE
+     * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG
      */
     REMOTE_PROC_DOMAIN_DETACH_DEVICE_FLAGS = 161,
 
     /**
      * @generate: both
+     * @acl: connect:read
      */
     REMOTE_PROC_CONNECT_BASELINE_CPU = 162,
 
     /**
      * @generate: both
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_JOB_INFO = 163,
 
     /**
      * @generate: both
+     * @acl: domain:write
      */
     REMOTE_PROC_DOMAIN_ABORT_JOB = 164,
 
     /**
      * @generate: both
+     * @acl: storage_vol:format
      */
     REMOTE_PROC_STORAGE_VOL_WIPE = 165,
 
     /**
      * @generate: both
+     * @acl: domain:migrate
      */
     REMOTE_PROC_DOMAIN_MIGRATE_SET_MAX_DOWNTIME = 166,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: connect:read
      */
     REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER_ANY = 167,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: connect:read
      */
     REMOTE_PROC_CONNECT_DOMAIN_EVENT_DEREGISTER_ANY = 168,
 
     /**
      * @generate: both
+     * @acl: none
      */
     REMOTE_PROC_DOMAIN_EVENT_REBOOT = 169,
 
     /**
      * @generate: both
+     * @acl: none
      */
     REMOTE_PROC_DOMAIN_EVENT_RTC_CHANGE = 170,
 
     /**
      * @generate: both
+     * @acl: none
      */
     REMOTE_PROC_DOMAIN_EVENT_WATCHDOG = 171,
 
     /**
      * @generate: both
+     * @acl: none
      */
     REMOTE_PROC_DOMAIN_EVENT_IO_ERROR = 172,
 
     /**
      * @generate: both
+     * @acl: none
      */
     REMOTE_PROC_DOMAIN_EVENT_GRAPHICS = 173,
 
     /**
      * @generate: both
+     * @acl: domain:write
+     * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE
+     * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG
      */
     REMOTE_PROC_DOMAIN_UPDATE_DEVICE_FLAGS = 174,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: nwfilter:getattr
      */
     REMOTE_PROC_NWFILTER_LOOKUP_BY_NAME = 175,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: nwfilter:getattr
      */
     REMOTE_PROC_NWFILTER_LOOKUP_BY_UUID = 176,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: nwfilter:read
      */
     REMOTE_PROC_NWFILTER_GET_XML_DESC = 177,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:search_nwfilters
+     * @aclfilter: nwfilter:getattr
      */
     REMOTE_PROC_CONNECT_NUM_OF_NWFILTERS = 178,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:search_nwfilters
+     * @aclfilter: nwfilter:getattr
      */
     REMOTE_PROC_CONNECT_LIST_NWFILTERS = 179,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: nwfilter:write
+     * @acl: nwfilter:save
      */
     REMOTE_PROC_NWFILTER_DEFINE_XML = 180,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: nwfilter:delete
      */
     REMOTE_PROC_NWFILTER_UNDEFINE = 181,
 
     /**
      * @generate: both
+     * @acl: domain:hibernate
      */
     REMOTE_PROC_DOMAIN_MANAGED_SAVE = 182,
 
     /**
      * @generate: both
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_HAS_MANAGED_SAVE_IMAGE = 183,
 
     /**
      * @generate: both
+     * @acl: domain:hibernate
      */
     REMOTE_PROC_DOMAIN_MANAGED_SAVE_REMOVE = 184,
 
     /**
      * @generate: both
+     * @acl: domain:snapshot
      */
     REMOTE_PROC_DOMAIN_SNAPSHOT_CREATE_XML = 185,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_SNAPSHOT_GET_XML_DESC = 186,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_SNAPSHOT_NUM = 187,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_SNAPSHOT_LIST_NAMES = 188,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_SNAPSHOT_LOOKUP_BY_NAME = 189,
 
     /**
      * @generate: both
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_HAS_CURRENT_SNAPSHOT = 190,
 
     /**
      * @generate: both
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_SNAPSHOT_CURRENT = 191,
 
     /**
      * @generate: both
+     * @acl: domain:snapshot
      */
     REMOTE_PROC_DOMAIN_REVERT_TO_SNAPSHOT = 192,
 
     /**
      * @generate: both
+     * @acl: domain:snapshot
      */
     REMOTE_PROC_DOMAIN_SNAPSHOT_DELETE = 193,
 
     /**
      * @generate: both
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_BLOCK_INFO = 194,
 
     /**
      * @generate: both
+     * @acl: none
      */
     REMOTE_PROC_DOMAIN_EVENT_IO_ERROR_REASON = 195,
 
     /**
      * @generate: server
+     * @acl: domain:start
      */
     REMOTE_PROC_DOMAIN_CREATE_WITH_FLAGS = 196,
 
     /**
      * @generate: both
+     * @acl: domain:write
+     * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE
+     * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG
      */
     REMOTE_PROC_DOMAIN_SET_MEMORY_PARAMETERS = 197,
 
     /**
      * @generate: none
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_MEMORY_PARAMETERS = 198,
 
     /**
      * @generate: both
+     * @acl: domain:write
+     * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE
+     * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG
      */
     REMOTE_PROC_DOMAIN_SET_VCPUS_FLAGS = 199,
 
     /**
      * @generate: both
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_VCPUS_FLAGS = 200,
 
     /**
      * @generate: both
      * @readstream: 2
+     * @acl: domain:open_device
      */
     REMOTE_PROC_DOMAIN_OPEN_CONSOLE = 201,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_IS_UPDATED = 202,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: connect:read
      */
     REMOTE_PROC_CONNECT_GET_SYSINFO = 203,
 
     /**
      * @generate: both
+     * @acl: domain:write
+     * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE
+     * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG
      */
     REMOTE_PROC_DOMAIN_SET_MEMORY_FLAGS = 204,
 
     /**
      * @generate: both
+     * @acl: domain:write
+     * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE
+     * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG
      */
     REMOTE_PROC_DOMAIN_SET_BLKIO_PARAMETERS = 205,
 
     /**
      * @generate: none
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_BLKIO_PARAMETERS = 206,
 
     /**
      * @generate: both
+     * @acl: domain:migrate
      */
     REMOTE_PROC_DOMAIN_MIGRATE_SET_MAX_SPEED = 207,
 
     /**
      * @generate: both
      * @writestream: 1
+     * @acl: storage_vol:data_write
      */
     REMOTE_PROC_STORAGE_VOL_UPLOAD = 208,
 
     /**
      * @generate: both
      * @readstream: 1
+     * @acl: storage_vol:data_read
      */
     REMOTE_PROC_STORAGE_VOL_DOWNLOAD = 209,
 
     /**
      * @generate: both
+     * @acl: domain:inject_nmi
      */
     REMOTE_PROC_DOMAIN_INJECT_NMI = 210,
 
     /**
      * @generate: both
      * @readstream: 1
+     * @acl: domain:screenshot
      */
     REMOTE_PROC_DOMAIN_SCREENSHOT = 211,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_STATE = 212,
 
     /**
      * @generate: none
+     * @acl: domain:migrate
      */
     REMOTE_PROC_DOMAIN_MIGRATE_BEGIN3 = 213,
 
     /**
      * @generate: none
+     * @acl: domain:migrate
+     * @acl: domain:start
+     * @acl: domain:write
      */
     REMOTE_PROC_DOMAIN_MIGRATE_PREPARE3 = 214,
 
     /**
      * @generate: server
      * @writestream: 1
+     * @acl: domain:migrate
+     * @acl: domain:start
+     * @acl: domain:write
      */
     REMOTE_PROC_DOMAIN_MIGRATE_PREPARE_TUNNEL3 = 215,
 
     /**
      * @generate: none
+     * @acl: domain:migrate
      */
     REMOTE_PROC_DOMAIN_MIGRATE_PERFORM3 = 216,
 
     /**
      * @generate: none
+     * @acl: domain:migrate
      */
     REMOTE_PROC_DOMAIN_MIGRATE_FINISH3 = 217,
 
     /**
      * @generate: none
+     * @acl: domain:migrate
      */
     REMOTE_PROC_DOMAIN_MIGRATE_CONFIRM3 = 218,
 
     /**
      * @generate: both
+     * @acl: domain:write
+     * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE
+     * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG
      */
     REMOTE_PROC_DOMAIN_SET_SCHEDULER_PARAMETERS_FLAGS = 219,
 
     /**
      * @generate: both
+     * @acl: connect:interface_transaction
      */
     REMOTE_PROC_INTERFACE_CHANGE_BEGIN = 220,
 
     /**
      * @generate: both
+     * @acl: connect:interface_transaction
      */
     REMOTE_PROC_INTERFACE_CHANGE_COMMIT = 221,
 
     /**
      * @generate: both
+     * @acl: connect:interface_transaction
      */
     REMOTE_PROC_INTERFACE_CHANGE_ROLLBACK = 222,
 
     /**
      * @generate: client
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_SCHEDULER_PARAMETERS_FLAGS = 223,
 
     /**
      * @generate: none
+     * @acl: none
      */
     REMOTE_PROC_DOMAIN_EVENT_CONTROL_ERROR = 224,
 
     /**
      * @generate: both
+     * @acl: domain:write
+     * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE
+     * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG
      */
     REMOTE_PROC_DOMAIN_PIN_VCPU_FLAGS = 225,
 
     /**
      * @generate: both
+     * @acl: domain:send_input
      */
     REMOTE_PROC_DOMAIN_SEND_KEY = 226,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: connect:read
      */
     REMOTE_PROC_NODE_GET_CPU_STATS = 227,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: connect:read
      */
     REMOTE_PROC_NODE_GET_MEMORY_STATS = 228,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_CONTROL_INFO = 229,
 
     /**
      * @generate: none
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_VCPU_PIN_INFO = 230,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:delete
      */
     REMOTE_PROC_DOMAIN_UNDEFINE_FLAGS = 231,
 
     /**
      * @generate: both
+     * @acl: domain:hibernate
      */
     REMOTE_PROC_DOMAIN_SAVE_FLAGS = 232,
 
     /**
      * @generate: both
+     * @acl: domain:start
+     * @acl: domain:write
      */
     REMOTE_PROC_DOMAIN_RESTORE_FLAGS = 233,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:stop
      */
     REMOTE_PROC_DOMAIN_DESTROY_FLAGS = 234,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:write
+     * @acl: domain:hibernate
      */
     REMOTE_PROC_DOMAIN_SAVE_IMAGE_DEFINE_XML = 236,
 
     /**
      * @generate: both
+     * @acl: domain:write
      */
     REMOTE_PROC_DOMAIN_BLOCK_JOB_ABORT = 237,
 
     /**
      * @generate: none
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_BLOCK_JOB_INFO = 238,
 
     /**
      * @generate: both
+     * @acl: domain:write
      */
     REMOTE_PROC_DOMAIN_BLOCK_JOB_SET_SPEED = 239,
 
     /**
      * @generate: both
+     * @acl: domain:block_write
      */
     REMOTE_PROC_DOMAIN_BLOCK_PULL = 240,
 
     /**
      * @generate: none
+     * @acl: none
      */
     REMOTE_PROC_DOMAIN_EVENT_BLOCK_JOB = 241,
 
     /**
      * @generate: both
+     * @acl: domain:migrate
      */
     REMOTE_PROC_DOMAIN_MIGRATE_GET_MAX_SPEED = 242,
 
     /**
      * @generate: none
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_BLOCK_STATS_FLAGS = 243,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_SNAPSHOT_GET_PARENT = 244,
 
     /**
      * @generate: both
+     * @acl: domain:reset
      */
     REMOTE_PROC_DOMAIN_RESET = 245,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_SNAPSHOT_NUM_CHILDREN = 246,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_SNAPSHOT_LIST_CHILDREN_NAMES = 247,
 
     /**
      * @generate: none
+     * @acl: none
      */
     REMOTE_PROC_DOMAIN_EVENT_DISK_CHANGE = 248,
 
     /**
      * @generate: none
+     * @acl: domain:open_graphics
      */
     REMOTE_PROC_DOMAIN_OPEN_GRAPHICS = 249,
 
     /**
      * @generate: both
+     * @acl: connect:pm_control
      */
     REMOTE_PROC_NODE_SUSPEND_FOR_DURATION = 250,
 
     /**
      * @generate: both
+     * @acl: domain:block_write
      */
     REMOTE_PROC_DOMAIN_BLOCK_RESIZE = 251,
 
     /**
      * @generate: both
+     * @acl: domain:write
+     * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE
+     * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG
      */
     REMOTE_PROC_DOMAIN_SET_BLOCK_IO_TUNE = 252,
 
     /**
      * @generate: none
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_BLOCK_IO_TUNE = 253,
 
     /**
      * @generate: both
+     * @acl: domain:write
+     * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE
+     * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG
      */
     REMOTE_PROC_DOMAIN_SET_NUMA_PARAMETERS = 254,
 
     /**
      * @generate: none
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_NUMA_PARAMETERS = 255,
 
     /**
      * @generate: both
+     * @acl: domain:write
+     * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE
+     * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG
      */
     REMOTE_PROC_DOMAIN_SET_INTERFACE_PARAMETERS = 256,
 
     /**
      * @generate: none
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_INTERFACE_PARAMETERS = 257,
 
     /**
      * @generate: both
+     * @acl: domain:init_control
      */
     REMOTE_PROC_DOMAIN_SHUTDOWN_FLAGS = 258,
 
     /**
      * @generate: both
+     * @acl: storage_vol:format
      */
     REMOTE_PROC_STORAGE_VOL_WIPE_PATTERN = 259,
 
     /**
      * @generate: both
+     * @acl: storage_vol:resize
      */
     REMOTE_PROC_STORAGE_VOL_RESIZE = 260,
 
     /**
      * @generate: both
+     * @acl: domain:pm_control
      */
     REMOTE_PROC_DOMAIN_PM_SUSPEND_FOR_DURATION = 261,
 
     /**
      * @generate: none
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_CPU_STATS = 262,
 
     /**
      * @generate: none
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_DISK_ERRORS = 263,
 
     /**
      * @generate: both
+     * @acl: domain:write
+     * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE
+     * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG
      */
     REMOTE_PROC_DOMAIN_SET_METADATA = 264,
 
     /**
      * @generate: both
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_METADATA = 265,
 
     /**
      * @generate: both
+     * @acl: domain:block_write
      */
     REMOTE_PROC_DOMAIN_BLOCK_REBASE = 266,
 
     /**
      * @generate: both
+     * @acl: domain:pm_control
      */
     REMOTE_PROC_DOMAIN_PM_WAKEUP = 267,
 
     /**
      * @generate: both
+     * @acl: none
      */
     REMOTE_PROC_DOMAIN_EVENT_TRAY_CHANGE = 268,
 
     /**
      * @generate: both
+     * @acl: none
      */
     REMOTE_PROC_DOMAIN_EVENT_PMWAKEUP = 269,
 
     /**
      * @generate: both
+     * @acl: none
      */
     REMOTE_PROC_DOMAIN_EVENT_PMSUSPEND = 270,
 
     /**
      * @generate: both
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_SNAPSHOT_IS_CURRENT = 271,
 
     /**
      * @generate: both
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_SNAPSHOT_HAS_METADATA = 272,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: connect:search_domains
+     * @aclfilter: domain:getattr
      */
     REMOTE_PROC_CONNECT_LIST_ALL_DOMAINS = 273,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_LIST_ALL_SNAPSHOTS = 274,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_SNAPSHOT_LIST_ALL_CHILDREN = 275,
 
     /**
      * @generate: both
+     * @acl: none
      */
     REMOTE_PROC_DOMAIN_EVENT_BALLOON_CHANGE = 276,
 
     /**
      * @generate: both
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_HOSTNAME = 277,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_SECURITY_LABEL_LIST = 278,
 
     /**
      * @generate: none
+     * @acl: domain:write
+     * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE
+     * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG
      */
     REMOTE_PROC_DOMAIN_PIN_EMULATOR = 279,
 
     /**
      * @generate: none
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_EMULATOR_PIN_INFO = 280,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: connect:search_storage_pools
+     * @aclfilter: storage_pool:getattr
      */
     REMOTE_PROC_CONNECT_LIST_ALL_STORAGE_POOLS = 281,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: storage_pool:search_storage_vols
+     * @aclfilter: storage_vol:getattr
      */
     REMOTE_PROC_STORAGE_POOL_LIST_ALL_VOLUMES = 282,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: connect:search_networks
+     * @aclfilter: network:getattr
      */
     REMOTE_PROC_CONNECT_LIST_ALL_NETWORKS = 283,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: connect:search_interfaces
+     * @aclfilter: interface:getattr
      */
     REMOTE_PROC_CONNECT_LIST_ALL_INTERFACES = 284,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: connect:search_node_devices
+     * @aclfilter: node_device:getattr
      */
     REMOTE_PROC_CONNECT_LIST_ALL_NODE_DEVICES = 285,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: connect:search_nwfilters
+     * @aclfilter: nwfilter:getattr
      */
     REMOTE_PROC_CONNECT_LIST_ALL_NWFILTERS = 286,
 
     /**
      * @generate: none
      * @priority: high
+     * @acl: connect:search_secrets
+     * @aclfilter: secret:getattr
      */
     REMOTE_PROC_CONNECT_LIST_ALL_SECRETS = 287,
 
     /**
      * @generate: both
+     * @acl: connect:write
      */
     REMOTE_PROC_NODE_SET_MEMORY_PARAMETERS = 288,
 
     /**
      * @generate: none
+     * @acl: connect:read
      */
     REMOTE_PROC_NODE_GET_MEMORY_PARAMETERS = 289,
 
     /**
      * @generate: both
+     * @acl: domain:block_write
      */
     REMOTE_PROC_DOMAIN_BLOCK_COMMIT = 290,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: network:write
+     * @acl: network:save:!VIR_NETWORK_UPDATE_AFFECT_CONFIG|VIR_NETWORK_UPDATE_AFFECT_LIVE
+     * @acl: network:save:VIR_NETWORK_UPDATE_AFFECT_CONFIG
      */
     REMOTE_PROC_NETWORK_UPDATE = 291,
 
     /**
      * @generate: both
+     * @acl: none
      */
     REMOTE_PROC_DOMAIN_EVENT_PMSUSPEND_DISK = 292,
 
     /**
      * @generate: none
+     * @acl: connect:read
      */
     REMOTE_PROC_NODE_GET_CPU_MAP = 293,
 
     /**
      * @generate: both
+     * @acl: domain:fs_trim
      */
     REMOTE_PROC_DOMAIN_FSTRIM = 294,
 
     /**
      * @generate: both
+     * @acl: domain:send_signal
      */
     REMOTE_PROC_DOMAIN_SEND_PROCESS_SIGNAL = 295,
 
     /**
      * @generate: both
      * @readstream: 2
+     * @acl: domain:open_device
      */
     REMOTE_PROC_DOMAIN_OPEN_CHANNEL = 296,
 
     /**
      * @generate: both
      * @priority: high
+     * @acl: node_device:getattr
      */
     REMOTE_PROC_NODE_DEVICE_LOOKUP_SCSI_HOST_BY_WWN = 297,
 
     /**
      * @generate: none
+     * @acl: domain:read
      */
     REMOTE_PROC_DOMAIN_GET_JOB_STATS = 298,
 
     /**
      * @generate: both
+     * @acl: domain:migrate
      */
     REMOTE_PROC_DOMAIN_MIGRATE_GET_COMPRESSION_CACHE = 299,
 
     /**
      * @generate: both
+     * @acl: domain:migrate
      */
     REMOTE_PROC_DOMAIN_MIGRATE_SET_COMPRESSION_CACHE = 300,
 
     /**
      * @generate: server
+     * @acl: node_device:dettach
      */
     REMOTE_PROC_NODE_DEVICE_DETACH_FLAGS = 301
 
diff --git a/src/rpc/gendispatch.pl b/src/rpc/gendispatch.pl
index 3356fee..4d5007f 100755
--- a/src/rpc/gendispatch.pl
+++ b/src/rpc/gendispatch.pl
@@ -123,7 +123,7 @@ while (<PROTOCOL>) {
             push(@{$calls{$name}->{ret_members}}, $1);
         }
     } elsif ($collect_opts) {
-        if (m,^\s*\*\s*\@(\w+)\s*:\s*(\w+)\s*$,) {
+        if (m,^\s*\*\s*\@(\w+)\s*:\s*((?:\w|:|\!|\|)+)\s*$,) {
             $opts{$1} = $2;
         } elsif (m,^\s*\*/\s*$,) {
             $collect_opts = 0;
-- 
1.8.1.4

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]