[PATCH 08/19] Add ACL checks into the QEMU driver

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>

Insert calls to the ACL checking APIs in all QEMU driver
entrypoints.

Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
 src/Makefile.am        |   9 +-
 src/qemu/qemu_driver.c | 716 +++++++++++++++++++++++++++++++++++++++++++------
 2 files changed, 645 insertions(+), 80 deletions(-)

diff --git a/src/Makefile.am b/src/Makefile.am
index 945d8e1..658d551 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1067,9 +1067,12 @@ noinst_LTLIBRARIES += libvirt_driver_qemu.la
 #libvirt_la_BUILT_LIBADD += libvirt_driver_qemu.la
 endif
 
-libvirt_driver_qemu_impl_la_CFLAGS = $(GNUTLS_CFLAGS) \
-                                $(LIBNL_CFLAGS) \
-		-I$(top_srcdir)/src/conf $(AM_CFLAGS)
+libvirt_driver_qemu_impl_la_CFLAGS = \
+		$(GNUTLS_CFLAGS) \
+		$(LIBNL_CFLAGS) \
+		-I$(top_srcdir)/src/access \
+		-I$(top_srcdir)/src/conf \
+		$(AM_CFLAGS)
 libvirt_driver_qemu_impl_la_LDFLAGS = $(AM_LDFLAGS)
 libvirt_driver_qemu_impl_la_LIBADD = $(CAPNG_LIBS) \
                                 $(GNUTLS_LIBS) \
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 9b738e0..a99706b 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -92,6 +92,8 @@
 #include "virtypedparam.h"
 #include "virbitmap.h"
 #include "virstring.h"
+#include "viraccessapicheck.h"
+#include "viraccessapicheckqemu.h"
 
 #define VIR_FROM_THIS VIR_FROM_QEMU
 
@@ -1053,6 +1055,10 @@ static virDrvOpenStatus qemuConnectOpen(virConnectPtr conn,
             }
         }
     }
+
+    if (virConnectOpenEnsureACL(conn) < 0)
+        goto cleanup;
+
     conn->privateData = qemu_driver;
 
     ret = VIR_DRV_OPEN_SUCCESS;
@@ -1075,8 +1081,11 @@ static int qemuConnectClose(virConnectPtr conn)
 
 /* Which features are supported by this driver? */
 static int
-qemuConnectSupportsFeature(virConnectPtr conn ATTRIBUTE_UNUSED, int feature)
+qemuConnectSupportsFeature(virConnectPtr conn, int feature)
 {
+    if (virConnectSupportsFeatureEnsureACL(conn) < 0)
+        return -1;
+
     switch (feature) {
     case VIR_DRV_FEATURE_MIGRATION_V2:
     case VIR_DRV_FEATURE_MIGRATION_V3:
@@ -1093,6 +1102,9 @@ qemuConnectSupportsFeature(virConnectPtr conn ATTRIBUTE_UNUSED, int feature)
 }
 
 static const char *qemuConnectGetType(virConnectPtr conn ATTRIBUTE_UNUSED) {
+    if (virConnectGetTypeEnsureACL(conn) < 0)
+        return NULL;
+
     return "QEMU";
 }
 
@@ -1154,6 +1166,9 @@ qemuConnectGetSysinfo(virConnectPtr conn, unsigned int flags)
 
     virCheckFlags(0, NULL);
 
+    if (virConnectGetSysinfoEnsureACL(conn) < 0)
+        return NULL;
+
     if (!driver->hostsysinfo) {
         virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                        _("Host SMBIOS information is not available"));
@@ -1170,6 +1185,9 @@ qemuConnectGetSysinfo(virConnectPtr conn, unsigned int flags)
 }
 
 static int qemuConnectGetMaxVcpus(virConnectPtr conn ATTRIBUTE_UNUSED, const char *type) {
+    if (virConnectGetMaxVcpusEnsureACL(conn) < 0)
+        return -1;
+
     if (!type)
         return 16;
 
@@ -1193,6 +1211,9 @@ static char *qemuConnectGetCapabilities(virConnectPtr conn) {
     virCapsPtr caps = NULL;
     char *xml = NULL;
 
+    if (virConnectGetCapabilitiesEnsureACL(conn) < 0)
+        return NULL;
+
     if (!(caps = virQEMUDriverGetCapabilities(driver, true)))
         goto cleanup;
 
@@ -1296,6 +1317,9 @@ static virDomainPtr qemuDomainLookupByID(virConnectPtr conn,
         goto cleanup;
     }
 
+    if (virDomainLookupByIDEnsureACL(conn, vm->def) < 0)
+        goto cleanup;
+
     dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
     if (dom) dom->id = vm->def->id;
 
@@ -1321,6 +1345,9 @@ static virDomainPtr qemuDomainLookupByUUID(virConnectPtr conn,
         goto cleanup;
     }
 
+    if (virDomainLookupByUUIDEnsureACL(conn, vm->def) < 0)
+        goto cleanup;
+
     dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
     if (dom) dom->id = vm->def->id;
 
@@ -1344,6 +1371,9 @@ static virDomainPtr qemuDomainLookupByName(virConnectPtr conn,
         goto cleanup;
     }
 
+    if (virDomainLookupByNameEnsureACL(conn, vm->def) < 0)
+        goto cleanup;
+
     dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
     if (dom) dom->id = vm->def->id;
 
@@ -1362,6 +1392,9 @@ static int qemuDomainIsActive(virDomainPtr dom)
     if (!(obj = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainIsActiveEnsureACL(dom->conn, obj->def) < 0)
+        goto cleanup;
+
     ret = virDomainObjIsActive(obj);
 
 cleanup:
@@ -1378,6 +1411,9 @@ static int qemuDomainIsPersistent(virDomainPtr dom)
     if (!(obj = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainIsPersistentEnsureACL(dom->conn, obj->def) < 0)
+        goto cleanup;
+
     ret = obj->persistent;
 
 cleanup:
@@ -1394,6 +1430,9 @@ static int qemuDomainIsUpdated(virDomainPtr dom)
     if (!(obj = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainIsUpdatedEnsureACL(dom->conn, obj->def) < 0)
+        goto cleanup;
+
     ret = obj->updated;
 
 cleanup:
@@ -1408,6 +1447,9 @@ static int qemuConnectGetVersion(virConnectPtr conn, unsigned long *version) {
     unsigned int qemuVersion = 0;
     virCapsPtr caps = NULL;
 
+    if (virConnectGetVersionEnsureACL(conn) < 0)
+        return -1;
+
     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto cleanup;
 
@@ -1425,8 +1467,11 @@ cleanup:
 }
 
 
-static char *qemuConnectGetHostname(virConnectPtr conn ATTRIBUTE_UNUSED)
+static char *qemuConnectGetHostname(virConnectPtr conn)
 {
+    if (virConnectGetHostnameEnsureACL(conn) < 0)
+        return NULL;
+
     return virGetHostname();
 }
 
@@ -1435,6 +1480,9 @@ static int qemuConnectListDomains(virConnectPtr conn, int *ids, int nids) {
     virQEMUDriverPtr driver = conn->privateData;
     int n;
 
+    if (virConnectListDomainsEnsureACL(conn) < 0)
+        return -1;
+
     n = virDomainObjListGetActiveIDs(driver->domains, ids, nids);
 
     return n;
@@ -1444,6 +1492,9 @@ static int qemuConnectNumOfDomains(virConnectPtr conn) {
     virQEMUDriverPtr driver = conn->privateData;
     int n;
 
+    if (virConnectNumOfDomainsEnsureACL(conn) < 0)
+        return -1;
+
     n = virDomainObjListNumOfDomains(driver->domains, 1);
 
     return n;
@@ -1499,6 +1550,9 @@ static virDomainPtr qemuDomainCreateXML(virConnectPtr conn,
                                         VIR_DOMAIN_XML_INACTIVE)))
         goto cleanup;
 
+    if (virDomainCreateXMLEnsureACL(conn, def) < 0)
+        goto cleanup;
+
     if (virSecurityManagerVerify(driver->securityManager, def) < 0)
         goto cleanup;
 
@@ -1583,6 +1637,9 @@ static int qemuDomainSuspend(virDomainPtr dom) {
     if (!(vm = qemuDomObjFromDomain(dom)))
         return -1;
 
+    if (virDomainSuspendEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("domain is not running"));
@@ -1661,6 +1718,9 @@ static int qemuDomainResume(virDomainPtr dom) {
 
     cfg = virQEMUDriverGetConfig(driver);
 
+    if (virDomainResumeEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
         goto cleanup;
 
@@ -1738,6 +1798,9 @@ static int qemuDomainShutdownFlags(virDomainPtr dom, unsigned int flags) {
     if (agentRequested || (!flags && priv->agent))
         useAgent = true;
 
+    if (virDomainShutdownFlagsEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (priv->agentError) {
         if (agentRequested && !acpiRequested) {
             virReportError(VIR_ERR_AGENT_UNRESPONSIVE, "%s",
@@ -1836,6 +1899,9 @@ qemuDomainReboot(virDomainPtr dom, unsigned int flags)
 
     priv = vm->privateData;
 
+    if (virDomainRebootEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if ((flags & VIR_DOMAIN_REBOOT_GUEST_AGENT) ||
         (!(flags & VIR_DOMAIN_REBOOT_ACPI_POWER_BTN) &&
          priv->agent))
@@ -1917,6 +1983,9 @@ qemuDomainReset(virDomainPtr dom, unsigned int flags)
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainResetEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
         goto cleanup;
 
@@ -1974,6 +2043,9 @@ qemuDomainDestroyFlags(virDomainPtr dom,
 
     priv = vm->privateData;
 
+    if (virDomainDestroyFlagsEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     qemuDomainSetFakeReboot(driver, vm, false);
 
 
@@ -2049,6 +2121,9 @@ static char *qemuDomainGetOSType(virDomainPtr dom) {
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainGetOSTypeEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     ignore_value(VIR_STRDUP(type, vm->def->os.type));
 
 cleanup:
@@ -2067,6 +2142,9 @@ qemuDomainGetMaxMemory(virDomainPtr dom)
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainGetMaxMemoryEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     ret = vm->def->mem.max_balloon;
 
 cleanup:
@@ -2094,6 +2172,9 @@ static int qemuDomainSetMemoryFlags(virDomainPtr dom, unsigned long newmem,
 
     cfg = virQEMUDriverGetConfig(driver);
 
+    if (virDomainSetMemoryFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
+        goto cleanup;
+
     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
         goto cleanup;
 
@@ -2194,6 +2275,9 @@ static int qemuDomainInjectNMI(virDomainPtr domain, unsigned int flags)
     if (!(vm = qemuDomObjFromDomain(domain)))
         return -1;
 
+    if (virDomainInjectNMIEnsureACL(domain->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("domain is not running"));
@@ -2265,6 +2349,9 @@ static int qemuDomainSendKey(virDomainPtr domain,
 
     priv = vm->privateData;
 
+    if (virDomainSendKeyEnsureACL(domain->conn, vm->def) < 0)
+        goto cleanup;
+
     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
         goto cleanup;
 
@@ -2300,6 +2387,9 @@ static int qemuDomainGetInfo(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainGetInfoEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     info->state = virDomainObjGetState(vm, NULL);
 
     if (!virDomainObjIsActive(vm)) {
@@ -2379,6 +2469,9 @@ qemuDomainGetState(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainGetStateEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     *state = virDomainObjGetState(vm, reason);
     ret = 0;
 
@@ -2402,6 +2495,9 @@ qemuDomainGetControlInfo(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainGetControlInfoEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("domain is not running"));
@@ -2972,6 +3068,9 @@ qemuDomainSaveFlags(virDomainPtr dom, const char *path, const char *dxml,
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainSaveFlagsEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("domain is not running"));
@@ -3027,6 +3126,9 @@ qemuDomainManagedSave(virDomainPtr dom, unsigned int flags)
     if (!(vm = qemuDomObjFromDomain(dom)))
         return -1;
 
+    if (virDomainManagedSaveEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("domain is not running"));
@@ -3085,14 +3187,19 @@ static int
 qemuDomainHasManagedSaveImage(virDomainPtr dom, unsigned int flags)
 {
     virDomainObjPtr vm = NULL;
-    int ret;
+    int ret = -1;
 
     virCheckFlags(0, -1);
 
     if (!(vm = qemuDomObjFromDomain(dom)))
         return -1;
 
+    if (virDomainHasManagedSaveImageEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     ret = vm->hasManagedSave;
+
+cleanup:
     virObjectUnlock(vm);
     return ret;
 }
@@ -3110,6 +3217,9 @@ qemuDomainManagedSaveRemove(virDomainPtr dom, unsigned int flags)
     if (!(vm = qemuDomObjFromDomain(dom)))
         return -1;
 
+    if (virDomainManagedSaveRemoveEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!(name = qemuDomainManagedSavePath(driver, vm)))
         goto cleanup;
 
@@ -3272,6 +3382,9 @@ static int qemuDomainCoreDump(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         return -1;
 
+    if (virDomainCoreDumpEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (qemuDomainObjBeginAsyncJob(driver, vm,
                                    QEMU_ASYNC_JOB_DUMP) < 0)
         goto cleanup;
@@ -3378,6 +3491,9 @@ qemuDomainScreenshot(virDomainPtr dom,
     priv = vm->privateData;
     cfg = virQEMUDriverGetConfig(driver);
 
+    if (virDomainScreenshotEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0)
         goto cleanup;
 
@@ -3800,11 +3916,15 @@ qemuDomainSetVcpusFlags(virDomainPtr dom, unsigned int nvcpus,
         return -1;
     }
 
+    if (!(vm = qemuDomObjFromDomain(dom)))
+        goto cleanup;
+
     cfg = virQEMUDriverGetConfig(driver);
-    if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
+
+    if (virDomainSetVcpusFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
         goto cleanup;
 
-    if (!(vm = qemuDomObjFromDomain(dom)))
+    if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto cleanup;
 
     priv = vm->privateData;
@@ -3936,6 +4056,9 @@ qemuDomainPinVcpuFlags(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainPinVcpuFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
+        goto cleanup;
+
     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto cleanup;
 
@@ -4119,6 +4242,9 @@ qemuDomainGetVcpuPinInfo(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainGetVcpuPinInfoEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto cleanup;
 
@@ -4207,6 +4333,9 @@ qemuDomainPinEmulator(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainPinEmulatorEnsureACL(dom->conn, vm->def, flags) < 0)
+        goto cleanup;
+
     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto cleanup;
 
@@ -4361,6 +4490,9 @@ qemuDomainGetEmulatorPinInfo(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainGetEmulatorPinInfoEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto cleanup;
 
@@ -4426,6 +4558,9 @@ qemuDomainGetVcpus(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainGetVcpusEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s",
@@ -4525,6 +4660,9 @@ qemuDomainGetVcpusFlags(virDomainPtr dom, unsigned int flags)
 
     priv = vm->privateData;
 
+    if (virDomainGetVcpusFlagsEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto cleanup;
 
@@ -4608,6 +4746,9 @@ static int qemuDomainGetSecurityLabel(virDomainPtr dom, virSecurityLabelPtr secl
     if (!(vm = qemuDomObjFromDomain(dom)))
         return -1;
 
+    if (virDomainGetSecurityLabelEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainVirtTypeToString(vm->def->virtType)) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        _("unknown virt type in domain definition '%d'"),
@@ -4656,6 +4797,9 @@ static int qemuDomainGetSecurityLabelList(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         return -1;
 
+    if (virDomainGetSecurityLabelListEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainVirtTypeToString(vm->def->virtType)) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        _("unknown virt type in domain definition '%d'"),
@@ -4723,6 +4867,9 @@ static int qemuNodeGetSecurityModel(virConnectPtr conn,
     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto cleanup;
 
+    if (virNodeGetSecurityModelEnsureACL(conn) < 0)
+        goto cleanup;
+
     /* We treat no driver as success, but simply return no data in *secmodel */
     if (caps->host.nsecModels == 0 ||
         caps->host.secModels[0].model == NULL)
@@ -5058,6 +5205,9 @@ qemuDomainRestoreFlags(virConnectPtr conn,
     if (fd < 0)
         goto cleanup;
 
+    if (virDomainRestoreFlagsEnsureACL(conn, def) < 0)
+        goto cleanup;
+
     if (!(vm = virDomainObjListAdd(driver->domains, def,
                                    driver->xmlopt,
                                    VIR_DOMAIN_OBJ_LIST_ADD_LIVE |
@@ -5116,6 +5266,9 @@ qemuDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *path,
     if (fd < 0)
         goto cleanup;
 
+    if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0)
+        goto cleanup;
+
     ret = qemuDomainDefFormatXML(driver, def, flags);
 
 cleanup:
@@ -5155,6 +5308,9 @@ qemuDomainSaveImageDefineXML(virConnectPtr conn, const char *path,
         goto cleanup;
     }
 
+    if (virDomainSaveImageDefineXMLEnsureACL(conn, def) < 0)
+        goto cleanup;
+
     xml = qemuDomainDefFormatXML(driver, def,
                                  VIR_DOMAIN_XML_INACTIVE |
                                  VIR_DOMAIN_XML_SECURE |
@@ -5265,6 +5421,9 @@ static char *qemuDomainGetXMLDesc(virDomainPtr dom,
 
     priv = vm->privateData;
 
+    if (virDomainGetXMLDescEnsureACL(dom->conn, vm->def, flags) < 0)
+        goto cleanup;
+
     /* Refresh current memory based on balloon info if supported */
     if ((vm->def->memballoon != NULL) &&
         (vm->def->memballoon->model != VIR_DOMAIN_MEMBALLOON_MODEL_NONE) &&
@@ -5323,6 +5482,9 @@ static char *qemuConnectDomainXMLFromNative(virConnectPtr conn,
 
     virCheckFlags(0, NULL);
 
+    if (virConnectDomainXMLFromNativeEnsureACL(conn) < 0)
+        goto cleanup;
+
     if (STRNEQ(format, QEMU_CONFIG_FORMAT_ARGV)) {
         virReportError(VIR_ERR_INVALID_ARG,
                        _("unsupported config type %s"), format);
@@ -5368,6 +5530,9 @@ static char *qemuConnectDomainXMLToNative(virConnectPtr conn,
 
     cfg = virQEMUDriverGetConfig(driver);
 
+    if (virConnectDomainXMLToNativeEnsureACL(conn) < 0)
+        goto cleanup;
+
     if (STRNEQ(format, QEMU_CONFIG_FORMAT_ARGV)) {
         virReportError(VIR_ERR_INVALID_ARG,
                        _("unsupported config type %s"), format);
@@ -5540,19 +5705,28 @@ cleanup:
 static int qemuConnectListDefinedDomains(virConnectPtr conn,
                                          char **const names, int nnames) {
     virQEMUDriverPtr driver = conn->privateData;
-    int n;
+    int ret = -1;
 
-    n = virDomainObjListGetInactiveNames(driver->domains, names, nnames);
-    return n;
+    if (virConnectListDefinedDomainsEnsureACL(conn) < 0)
+        goto cleanup;
+
+    ret = virDomainObjListGetInactiveNames(driver->domains, names, nnames);
+
+cleanup:
+    return ret;
 }
 
 static int qemuConnectNumOfDefinedDomains(virConnectPtr conn) {
     virQEMUDriverPtr driver = conn->privateData;
-    int n;
+    int ret = -1;
+
+    if (virConnectNumOfDefinedDomainsEnsureACL(conn) < 0)
+        goto cleanup;
 
-    n = virDomainObjListNumOfDomains(driver->domains, 0);
+    ret = virDomainObjListNumOfDomains(driver->domains, 0);
 
-    return n;
+cleanup:
+    return ret;
 }
 
 
@@ -5649,6 +5823,9 @@ qemuDomainCreateWithFlags(virDomainPtr dom, unsigned int flags)
     if (!(vm = qemuDomObjFromDomain(dom)))
         return -1;
 
+    if (virDomainCreateWithFlagsEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
         goto cleanup;
 
@@ -5700,6 +5877,9 @@ static virDomainPtr qemuDomainDefineXML(virConnectPtr conn, const char *xml) {
                                         VIR_DOMAIN_XML_INACTIVE)))
         goto cleanup;
 
+    if (virDomainDefineXMLEnsureACL(conn, def) < 0)
+        goto cleanup;
+
     if (virSecurityManagerVerify(driver->securityManager, def) < 0)
         goto cleanup;
 
@@ -5789,6 +5969,9 @@ qemuDomainUndefineFlags(virDomainPtr dom,
 
     cfg = virQEMUDriverGetConfig(driver);
 
+    if (virDomainUndefineFlagsEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!vm->persistent) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("cannot undefine transient domain"));
@@ -6555,6 +6738,9 @@ static int qemuDomainAttachDeviceFlags(virDomainPtr dom, const char *xml,
 
     priv = vm->privateData;
 
+    if (virDomainAttachDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
+        goto cleanup;
+
     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
         goto cleanup;
 
@@ -6695,6 +6881,9 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom,
 
     priv = vm->privateData;
 
+    if (virDomainUpdateDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
+        goto cleanup;
+
     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
         goto cleanup;
 
@@ -6827,6 +7016,9 @@ static int qemuDomainDetachDeviceFlags(virDomainPtr dom, const char *xml,
 
     priv = vm->privateData;
 
+    if (virDomainDetachDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
+        goto cleanup;
+
     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
         goto cleanup;
 
@@ -6942,6 +7134,9 @@ static int qemuDomainGetAutostart(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainGetAutostartEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     *autostart = vm->autostart;
     ret = 0;
 
@@ -6964,6 +7159,9 @@ static int qemuDomainSetAutostart(virDomainPtr dom,
 
     cfg = virQEMUDriverGetConfig(driver);
 
+    if (virDomainSetAutostartEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!vm->persistent) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("cannot set autostart for transient domain"));
@@ -7065,6 +7263,9 @@ static char *qemuDomainGetSchedulerType(virDomainPtr dom,
     }
     priv = vm->privateData;
 
+    if (virDomainGetSchedulerTypeEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPU)) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("cgroup CPU controller is not mounted"));
@@ -7244,6 +7445,10 @@ qemuDomainSetBlkioParameters(virDomainPtr dom,
 
     priv = vm->privateData;
     cfg = virQEMUDriverGetConfig(driver);
+
+    if (virDomainSetBlkioParametersEnsureACL(dom->conn, vm->def, flags) < 0)
+        goto cleanup;
+
     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto cleanup;
 
@@ -7391,6 +7596,9 @@ qemuDomainGetBlkioParameters(virDomainPtr dom,
 
     priv = vm->privateData;
 
+    if (virDomainGetBlkioParametersEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto cleanup;
 
@@ -7575,6 +7783,9 @@ qemuDomainSetMemoryParameters(virDomainPtr dom,
     priv = vm->privateData;
     cfg = virQEMUDriverGetConfig(driver);
 
+    if (virDomainSetMemoryParametersEnsureACL(dom->conn, vm->def, flags) < 0)
+        goto cleanup;
+
     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto cleanup;
 
@@ -7695,6 +7906,10 @@ qemuDomainGetMemoryParameters(virDomainPtr dom,
         return -1;
 
     priv = vm->privateData;
+
+    if (virDomainGetMemoryParametersEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto cleanup;
 
@@ -7850,6 +8065,9 @@ qemuDomainSetNumaParameters(virDomainPtr dom,
     priv = vm->privateData;
     cfg = virQEMUDriverGetConfig(driver);
 
+    if (virDomainSetNumaParametersEnsureACL(dom->conn, vm->def, flags) < 0)
+        goto cleanup;
+
     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto cleanup;
 
@@ -7992,6 +8210,9 @@ qemuDomainGetNumaParameters(virDomainPtr dom,
 
     priv = vm->privateData;
 
+    if (virDomainGetNumaParametersEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto cleanup;
 
@@ -8190,6 +8411,9 @@ qemuDomainSetSchedulerParametersFlags(virDomainPtr dom,
     priv = vm->privateData;
     cfg = virQEMUDriverGetConfig(driver);
 
+    if (virDomainSetSchedulerParametersFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
+        goto cleanup;
+
     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto cleanup;
 
@@ -8461,6 +8685,9 @@ qemuDomainGetSchedulerParametersFlags(virDomainPtr dom,
 
     priv = vm->privateData;
 
+    if (virDomainGetSchedulerParametersFlagsEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (*nparams > 1) {
         rc = qemuGetCpuBWStatus(priv->cgroup);
         if (rc < 0)
@@ -8617,6 +8844,9 @@ qemuDomainBlockResize(virDomainPtr dom,
 
     priv = vm->privateData;
 
+    if (virDomainBlockResizeEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
         goto cleanup;
 
@@ -8677,6 +8907,9 @@ qemuDomainBlockStats(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainBlockStatsEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("domain is not running"));
@@ -8754,6 +8987,9 @@ qemuDomainBlockStatsFlags(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainBlockStatsFlagsEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0)
         goto cleanup;
 
@@ -8907,6 +9143,9 @@ qemuDomainInterfaceStats(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainInterfaceStatsEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("domain is not running"));
@@ -8985,6 +9224,9 @@ qemuDomainSetInterfaceParameters(virDomainPtr dom,
 
     cfg = virQEMUDriverGetConfig(driver);
 
+    if (virDomainSetInterfaceParametersEnsureACL(dom->conn, vm->def, flags) < 0)
+        goto cleanup;
+
     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto cleanup;
 
@@ -9144,6 +9386,9 @@ qemuDomainGetInterfaceParameters(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         return -1;
 
+    if (virDomainGetInterfaceParametersEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto cleanup;
 
@@ -9250,6 +9495,9 @@ qemuDomainMemoryStats(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainMemoryStatsEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0)
         goto cleanup;
 
@@ -9301,6 +9549,9 @@ qemuDomainBlockPeek(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainBlockPeekEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!path || path[0] == '\0') {
         virReportError(VIR_ERR_INVALID_ARG,
                        "%s", _("NULL or empty path"));
@@ -9363,6 +9614,9 @@ qemuDomainMemoryPeek(virDomainPtr dom,
 
     cfg = virQEMUDriverGetConfig(driver);
 
+    if (virDomainMemoryPeekEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (flags != VIR_MEMORY_VIRTUAL && flags != VIR_MEMORY_PHYSICAL) {
         virReportError(VIR_ERR_INVALID_ARG,
                        "%s", _("flags parameter must be VIR_MEMORY_VIRTUAL or VIR_MEMORY_PHYSICAL"));
@@ -9456,6 +9710,9 @@ static int qemuDomainGetBlockInfo(virDomainPtr dom,
 
     cfg = virQEMUDriverGetConfig(driver);
 
+    if (virDomainGetBlockInfoEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!path || path[0] == '\0') {
         virReportError(VIR_ERR_INVALID_ARG,
                        "%s", _("NULL or empty path"));
@@ -9590,12 +9847,19 @@ qemuConnectDomainEventRegister(virConnectPtr conn,
                                virFreeCallback freecb)
 {
     virQEMUDriverPtr driver = conn->privateData;
-    int ret;
+    int ret = -1;
 
-    ret = virDomainEventStateRegister(conn,
-                                      driver->domainEventState,
-                                      callback, opaque, freecb);
+    if (virConnectDomainEventRegisterEnsureACL(conn) < 0)
+        goto cleanup;
+
+    if (virDomainEventStateRegister(conn,
+                                    driver->domainEventState,
+                                    callback, opaque, freecb) < 0)
+        goto cleanup;
 
+    ret = 0;
+
+cleanup:
     return ret;
 }
 
@@ -9605,12 +9869,19 @@ qemuConnectDomainEventDeregister(virConnectPtr conn,
                                  virConnectDomainEventCallback callback)
 {
     virQEMUDriverPtr driver = conn->privateData;
-    int ret;
+    int ret = -1;
 
-    ret = virDomainEventStateDeregister(conn,
-                                        driver->domainEventState,
-                                        callback);
+    if (virConnectDomainEventDeregisterEnsureACL(conn) < 0)
+        goto cleanup;
+
+    if (virDomainEventStateDeregister(conn,
+                                      driver->domainEventState,
+                                      callback) < 0)
+        goto cleanup;
+
+    ret = 0;
 
+cleanup:
     return ret;
 }
 
@@ -9624,14 +9895,20 @@ qemuConnectDomainEventRegisterAny(virConnectPtr conn,
                                   virFreeCallback freecb)
 {
     virQEMUDriverPtr driver = conn->privateData;
-    int ret;
+    int ret = -1;
+
+    if (virConnectDomainEventRegisterAnyEnsureACL(conn) < 0)
+        goto cleanup;
 
     if (virDomainEventStateRegisterID(conn,
                                       driver->domainEventState,
                                       dom, eventID,
                                       callback, opaque, freecb, &ret) < 0)
-        ret = -1;
+        goto cleanup;
 
+    ret = 0;
+
+cleanup:
     return ret;
 }
 
@@ -9641,12 +9918,19 @@ qemuConnectDomainEventDeregisterAny(virConnectPtr conn,
                                     int callbackID)
 {
     virQEMUDriverPtr driver = conn->privateData;
-    int ret;
+    int ret = -1;
 
-    ret = virDomainEventStateDeregisterID(conn,
-                                          driver->domainEventState,
-                                          callbackID);
+    if (virConnectDomainEventDeregisterAnyEnsureACL(conn) < 0)
+        goto cleanup;
 
+    if (virDomainEventStateDeregisterID(conn,
+                                        driver->domainEventState,
+                                        callbackID) < 0)
+        goto cleanup;
+
+    ret = 0;
+
+cleanup:
     return ret;
 }
 
@@ -9712,6 +9996,9 @@ qemuDomainMigratePrepareTunnel(virConnectPtr dconn,
             goto cleanup;
     }
 
+    if (virDomainMigratePrepareTunnelEnsureACL(dconn, def) < 0)
+        goto cleanup;
+
     ret = qemuMigrationPrepareTunnel(driver, dconn,
                                      NULL, 0, NULL, NULL, /* No cookies in v2 */
                                      st, &def, flags);
@@ -9782,6 +10069,9 @@ qemuDomainMigratePrepare2(virConnectPtr dconn,
             goto cleanup;
     }
 
+    if (virDomainMigratePrepare2EnsureACL(dconn, def) < 0)
+        goto cleanup;
+
     /* Do not use cookies in v2 protocol, since the cookie
      * length was not sufficiently large, causing failures
      * migrating between old & new libvirtd
@@ -9825,6 +10115,9 @@ qemuDomainMigratePerform(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainMigratePerformEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (flags & VIR_MIGRATE_PEER2PEER) {
         dconnuri = uri;
         uri = NULL;
@@ -9869,6 +10162,9 @@ qemuDomainMigrateFinish2(virConnectPtr dconn,
         goto cleanup;
     }
 
+    if (virDomainMigrateFinish2EnsureACL(dconn, vm->def) < 0)
+        goto cleanup;
+
     /* Do not use cookies in v2 protocol, since the cookie
      * length was not sufficiently large, causing failures
      * migrating between old & new libvirtd
@@ -9905,6 +10201,9 @@ qemuDomainMigrateBegin3(virDomainPtr domain,
     if (!(vm = qemuDomObjFromDomain(domain)))
         return NULL;
 
+    if (virDomainMigrateBegin3EnsureACL(domain->conn, vm->def) < 0)
+        goto cleanup;
+
     if ((flags & VIR_MIGRATE_CHANGE_PROTECTION)) {
         if (qemuMigrationJobStart(driver, vm, QEMU_ASYNC_JOB_MIGRATION_OUT) < 0)
             goto cleanup;
@@ -10020,6 +10319,9 @@ qemuDomainMigratePrepare3(virConnectPtr dconn,
             goto cleanup;
     }
 
+    if (virDomainMigratePrepare3EnsureACL(dconn, def) < 0)
+        goto cleanup;
+
     ret = qemuMigrationPrepareDirect(driver, dconn,
                                      cookiein, cookieinlen,
                                      cookieout, cookieoutlen,
@@ -10082,6 +10384,9 @@ qemuDomainMigratePrepareTunnel3(virConnectPtr dconn,
             goto cleanup;
     }
 
+    if (virDomainMigratePrepareTunnel3EnsureACL(dconn, def) < 0)
+        goto cleanup;
+
     ret = qemuMigrationPrepareTunnel(driver, dconn,
                                      cookiein, cookieinlen,
                                      cookieout, cookieoutlen,
@@ -10115,6 +10420,11 @@ qemuDomainMigratePerform3(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         return -1;
 
+    if (virDomainMigratePerform3EnsureACL(dom->conn, vm->def) < 0) {
+        virObjectUnlock(vm);
+        return -1;
+    }
+
     return qemuMigrationPerform(driver, dom->conn, vm, xmlin,
                                 dconnuri, uri, cookiein, cookieinlen,
                                 cookieout, cookieoutlen,
@@ -10147,6 +10457,9 @@ qemuDomainMigrateFinish3(virConnectPtr dconn,
         goto cleanup;
     }
 
+    if (virDomainMigrateFinish3EnsureACL(dconn, vm->def) < 0)
+        goto cleanup;
+
     dom = qemuMigrationFinish(driver, dconn, vm,
                               cookiein, cookieinlen,
                               cookieout, cookieoutlen,
@@ -10176,6 +10489,9 @@ qemuDomainMigrateConfirm3(virDomainPtr domain,
 
     cfg = virQEMUDriverGetConfig(driver);
 
+    if (virDomainMigrateConfirm3EnsureACL(domain->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!qemuMigrationJobIsActive(vm, QEMU_ASYNC_JOB_MIGRATION_OUT))
         goto cleanup;
 
@@ -10211,25 +10527,15 @@ cleanup:
 
 
 static int
-qemuNodeDeviceGetPciInfo(virNodeDevicePtr dev,
+qemuNodeDeviceGetPciInfo(virNodeDeviceDefPtr def,
                          unsigned *domain,
                          unsigned *bus,
                          unsigned *slot,
                          unsigned *function)
 {
-    virNodeDeviceDefPtr def = NULL;
     virNodeDevCapsDefPtr cap;
-    char *xml = NULL;
     int ret = -1;
 
-    xml = virNodeDeviceGetXMLDesc(dev, 0);
-    if (!xml)
-        goto out;
-
-    def = virNodeDeviceDefParseString(xml, EXISTING_DEVICE, NULL);
-    if (!def)
-        goto out;
-
     cap = def->caps;
     while (cap) {
         if (cap->type == VIR_NODE_DEV_CAP_PCI_DEV) {
@@ -10245,14 +10551,12 @@ qemuNodeDeviceGetPciInfo(virNodeDevicePtr dev,
 
     if (!cap) {
         virReportError(VIR_ERR_INVALID_ARG,
-                       _("device %s is not a PCI device"), dev->name);
+                       _("device %s is not a PCI device"), def->name);
         goto out;
     }
 
     ret = 0;
 out:
-    virNodeDeviceDefFree(def);
-    VIR_FREE(xml);
     return ret;
 }
 
@@ -10266,15 +10570,28 @@ qemuNodeDeviceDetachFlags(virNodeDevicePtr dev,
     unsigned domain, bus, slot, function;
     int ret = -1;
     bool in_inactive_list = false;
+    virNodeDeviceDefPtr def = NULL;
+    char *xml = NULL;
 
     virCheckFlags(0, -1);
 
-    if (qemuNodeDeviceGetPciInfo(dev, &domain, &bus, &slot, &function) < 0)
-        return -1;
+    xml = virNodeDeviceGetXMLDesc(dev, 0);
+    if (!xml)
+        goto cleanup;
+
+    def = virNodeDeviceDefParseString(xml, EXISTING_DEVICE, NULL);
+    if (!def)
+        goto cleanup;
+
+    if (virNodeDeviceDetachFlagsEnsureACL(dev->conn, def) < 0)
+        goto cleanup;
+
+    if (qemuNodeDeviceGetPciInfo(def, &domain, &bus, &slot, &function) < 0)
+        goto cleanup;
 
     pci = virPCIDeviceNew(domain, bus, slot, function);
     if (!pci)
-        return -1;
+        goto cleanup;
 
     if (!driverName || STREQ(driverName, "kvm")) {
         virPCIDeviceSetStubDriver(pci, "pci-stub");
@@ -10300,6 +10617,9 @@ out:
     virObjectUnlock(driver->activePciHostdevs);
     if (in_inactive_list)
         virPCIDeviceFree(pci);
+cleanup:
+    virNodeDeviceDefFree(def);
+    VIR_FREE(xml);
     return ret;
 }
 
@@ -10313,17 +10633,30 @@ static int
 qemuNodeDeviceReAttach(virNodeDevicePtr dev)
 {
     virQEMUDriverPtr driver = dev->conn->privateData;
-    virPCIDevicePtr pci;
+    virPCIDevicePtr pci = NULL;
     virPCIDevicePtr other;
     unsigned domain, bus, slot, function;
     int ret = -1;
+    virNodeDeviceDefPtr def = NULL;
+    char *xml = NULL;
 
-    if (qemuNodeDeviceGetPciInfo(dev, &domain, &bus, &slot, &function) < 0)
-        return -1;
+    xml = virNodeDeviceGetXMLDesc(dev, 0);
+    if (!xml)
+        goto cleanup;
+
+    def = virNodeDeviceDefParseString(xml, EXISTING_DEVICE, NULL);
+    if (!def)
+        goto cleanup;
+
+    if (virNodeDeviceReAttachEnsureACL(dev->conn, def) < 0)
+        goto cleanup;
+
+    if (qemuNodeDeviceGetPciInfo(def, &domain, &bus, &slot, &function) < 0)
+        goto cleanup;
 
     pci = virPCIDeviceNew(domain, bus, slot, function);
     if (!pci)
-        return -1;
+        goto cleanup;
 
     virObjectLock(driver->activePciHostdevs);
     virObjectLock(driver->inactivePciHostdevs);
@@ -10353,6 +10686,9 @@ out:
     virObjectUnlock(driver->inactivePciHostdevs);
     virObjectUnlock(driver->activePciHostdevs);
     virPCIDeviceFree(pci);
+cleanup:
+    virNodeDeviceDefFree(def);
+    VIR_FREE(xml);
     return ret;
 }
 
@@ -10363,13 +10699,26 @@ qemuNodeDeviceReset(virNodeDevicePtr dev)
     virPCIDevicePtr pci;
     unsigned domain, bus, slot, function;
     int ret = -1;
+    virNodeDeviceDefPtr def = NULL;
+    char *xml = NULL;
 
-    if (qemuNodeDeviceGetPciInfo(dev, &domain, &bus, &slot, &function) < 0)
-        return -1;
+    xml = virNodeDeviceGetXMLDesc(dev, 0);
+    if (!xml)
+        goto cleanup;
+
+    def = virNodeDeviceDefParseString(xml, EXISTING_DEVICE, NULL);
+    if (!def)
+        goto cleanup;
+
+    if (virNodeDeviceResetEnsureACL(dev->conn, def) < 0)
+        goto cleanup;
+
+    if (qemuNodeDeviceGetPciInfo(def, &domain, &bus, &slot, &function) < 0)
+        goto cleanup;
 
     pci = virPCIDeviceNew(domain, bus, slot, function);
     if (!pci)
-        return -1;
+        goto cleanup;
 
     virObjectLock(driver->activePciHostdevs);
     virObjectLock(driver->inactivePciHostdevs);
@@ -10383,6 +10732,9 @@ out:
     virObjectUnlock(driver->inactivePciHostdevs);
     virObjectUnlock(driver->activePciHostdevs);
     virPCIDeviceFree(pci);
+cleanup:
+    virNodeDeviceDefFree(def);
+    VIR_FREE(xml);
     return ret;
 }
 
@@ -10397,6 +10749,9 @@ qemuConnectCompareCPU(virConnectPtr conn,
 
     virCheckFlags(0, VIR_CPU_COMPARE_ERROR);
 
+    if (virConnectCompareCPUEnsureACL(conn) < 0)
+        goto cleanup;
+
     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto cleanup;
 
@@ -10420,12 +10775,16 @@ qemuConnectBaselineCPU(virConnectPtr conn ATTRIBUTE_UNUSED,
                        unsigned int ncpus,
                        unsigned int flags)
 {
-    char *cpu;
+    char *cpu = NULL;
 
     virCheckFlags(0, NULL);
 
+    if (virConnectBaselineCPUEnsureACL(conn) < 0)
+        goto cleanup;
+
     cpu = cpuBaselineXML(xmlCPUs, ncpus, NULL, 0);
 
+cleanup:
     return cpu;
 }
 
@@ -10441,6 +10800,9 @@ static int qemuDomainGetJobInfo(virDomainPtr dom,
 
     priv = vm->privateData;
 
+    if (virDomainGetJobInfoEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (virDomainObjIsActive(vm)) {
         if (priv->job.asyncJob && !priv->job.dump_memory_only) {
             memcpy(info, &priv->job.info, sizeof(*info));
@@ -10493,6 +10855,9 @@ qemuDomainGetJobStats(virDomainPtr dom,
 
     priv = vm->privateData;
 
+    if (virDomainGetJobStatsEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("domain is not running"));
@@ -10621,6 +10986,9 @@ static int qemuDomainAbortJob(virDomainPtr dom) {
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainAbortJobEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_ABORT) < 0)
         goto cleanup;
 
@@ -10675,6 +11043,9 @@ qemuDomainMigrateSetMaxDowntime(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainMigrateSetMaxDowntimeEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MIGRATION_OP) < 0)
         goto cleanup;
 
@@ -10722,6 +11093,9 @@ qemuDomainMigrateGetCompressionCache(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainMigrateGetCompressionCacheEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0)
         goto cleanup;
 
@@ -10774,6 +11148,9 @@ qemuDomainMigrateSetCompressionCache(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainMigrateSetCompressionCacheEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MIGRATION_OP) < 0)
         goto cleanup;
 
@@ -10828,6 +11205,10 @@ qemuDomainMigrateSetMaxSpeed(virDomainPtr dom,
         goto cleanup;
 
     priv = vm->privateData;
+
+    if (virDomainMigrateSetMaxSpeedEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (virDomainObjIsActive(vm)) {
         if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MIGRATION_OP) < 0)
             goto cleanup;
@@ -10875,6 +11256,10 @@ qemuDomainMigrateGetMaxSpeed(virDomainPtr dom,
         goto cleanup;
 
     priv = vm->privateData;
+
+    if (virDomainMigrateGetMaxSpeedEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     *bandwidth = priv->migMaxBandwidth;
     ret = 0;
 
@@ -11830,6 +12215,9 @@ qemuDomainSnapshotCreateXML(virDomainPtr domain,
 
     cfg = virQEMUDriverGetConfig(driver);
 
+    if (virDomainSnapshotCreateXMLEnsureACL(domain->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto cleanup;
 
@@ -12160,6 +12548,9 @@ static int qemuDomainSnapshotListNames(virDomainPtr domain, char **names,
     if (!(vm = qemuDomObjFromDomain(domain)))
         goto cleanup;
 
+    if (virDomainSnapshotListNamesEnsureACL(domain->conn, vm->def) < 0)
+        goto cleanup;
+
     n = virDomainSnapshotObjListGetNames(vm->snapshots, NULL, names, nameslen,
                                          flags);
 
@@ -12181,6 +12572,9 @@ static int qemuDomainSnapshotNum(virDomainPtr domain,
     if (!(vm = qemuDomObjFromDomain(domain)))
         goto cleanup;
 
+    if (virDomainSnapshotNumEnsureACL(domain->conn, vm->def) < 0)
+        goto cleanup;
+
     n = virDomainSnapshotObjListNum(vm->snapshots, NULL, flags);
 
 cleanup:
@@ -12202,6 +12596,9 @@ qemuDomainListAllSnapshots(virDomainPtr domain, virDomainSnapshotPtr **snaps,
     if (!(vm = qemuDomObjFromDomain(domain)))
         goto cleanup;
 
+    if (virDomainListAllSnapshotsEnsureACL(domain->conn, vm->def) < 0)
+        goto cleanup;
+
     n = virDomainListSnapshots(vm->snapshots, NULL, domain, snaps, flags);
 
 cleanup:
@@ -12226,6 +12623,9 @@ qemuDomainSnapshotListChildrenNames(virDomainSnapshotPtr snapshot,
     if (!(vm = qemuDomObjFromSnapshot(snapshot)))
         goto cleanup;
 
+    if (virDomainSnapshotListChildrenNamesEnsureACL(snapshot->domain->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!(snap = qemuSnapObjFromSnapshot(vm, snapshot)))
         goto cleanup;
 
@@ -12252,6 +12652,9 @@ qemuDomainSnapshotNumChildren(virDomainSnapshotPtr snapshot,
     if (!(vm = qemuDomObjFromSnapshot(snapshot)))
         goto cleanup;
 
+    if (virDomainSnapshotNumChildrenEnsureACL(snapshot->domain->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!(snap = qemuSnapObjFromSnapshot(vm, snapshot)))
         goto cleanup;
 
@@ -12278,6 +12681,9 @@ qemuDomainSnapshotListAllChildren(virDomainSnapshotPtr snapshot,
     if (!(vm = qemuDomObjFromSnapshot(snapshot)))
         goto cleanup;
 
+    if (virDomainSnapshotListAllChildrenEnsureACL(snapshot->domain->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!(snap = qemuSnapObjFromSnapshot(vm, snapshot)))
         goto cleanup;
 
@@ -12303,6 +12709,9 @@ static virDomainSnapshotPtr qemuDomainSnapshotLookupByName(virDomainPtr domain,
     if (!(vm = qemuDomObjFromDomain(domain)))
         goto cleanup;
 
+    if (virDomainSnapshotLookupByNameEnsureACL(domain->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!(snap = qemuSnapObjFromName(vm, name)))
         goto cleanup;
 
@@ -12325,6 +12734,9 @@ static int qemuDomainHasCurrentSnapshot(virDomainPtr domain,
     if (!(vm = qemuDomObjFromDomain(domain)))
         goto cleanup;
 
+    if (virDomainHasCurrentSnapshotEnsureACL(domain->conn, vm->def) < 0)
+        goto cleanup;
+
     ret = (vm->current_snapshot != NULL);
 
 cleanup:
@@ -12346,6 +12758,9 @@ qemuDomainSnapshotGetParent(virDomainSnapshotPtr snapshot,
     if (!(vm = qemuDomObjFromSnapshot(snapshot)))
         goto cleanup;
 
+    if (virDomainSnapshotGetParentEnsureACL(snapshot->domain->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!(snap = qemuSnapObjFromSnapshot(vm, snapshot)))
         goto cleanup;
 
@@ -12375,6 +12790,9 @@ static virDomainSnapshotPtr qemuDomainSnapshotCurrent(virDomainPtr domain,
     if (!(vm = qemuDomObjFromDomain(domain)))
         goto cleanup;
 
+    if (virDomainSnapshotCurrentEnsureACL(domain->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!vm->current_snapshot) {
         virReportError(VIR_ERR_NO_DOMAIN_SNAPSHOT, "%s",
                        _("the domain does not have a current snapshot"));
@@ -12402,6 +12820,9 @@ static char *qemuDomainSnapshotGetXMLDesc(virDomainSnapshotPtr snapshot,
     if (!(vm = qemuDomObjFromSnapshot(snapshot)))
         goto cleanup;
 
+    if (virDomainSnapshotGetXMLDescEnsureACL(snapshot->domain->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!(snap = qemuSnapObjFromSnapshot(vm, snapshot)))
         goto cleanup;
 
@@ -12428,6 +12849,9 @@ qemuDomainSnapshotIsCurrent(virDomainSnapshotPtr snapshot,
     if (!(vm = qemuDomObjFromSnapshot(snapshot)))
         goto cleanup;
 
+    if (virDomainSnapshotIsCurrentEnsureACL(snapshot->domain->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!(snap = qemuSnapObjFromSnapshot(vm, snapshot)))
         goto cleanup;
 
@@ -12454,6 +12878,9 @@ qemuDomainSnapshotHasMetadata(virDomainSnapshotPtr snapshot,
     if (!(vm = qemuDomObjFromSnapshot(snapshot)))
         goto cleanup;
 
+    if (virDomainSnapshotHasMetadataEnsureACL(snapshot->domain->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!(snap = qemuSnapObjFromSnapshot(vm, snapshot)))
         goto cleanup;
 
@@ -12518,6 +12945,9 @@ static int qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
 
     cfg = virQEMUDriverGetConfig(driver);
 
+    if (virDomainRevertToSnapshotEnsureACL(snapshot->domain->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto cleanup;
 
@@ -12876,6 +13306,10 @@ static int qemuDomainSnapshotDelete(virDomainSnapshotPtr snapshot,
         return -1;
 
     cfg = virQEMUDriverGetConfig(driver);
+
+    if (virDomainSnapshotDeleteEnsureACL(snapshot->domain->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!(snap = qemuSnapObjFromSnapshot(vm, snapshot)))
         goto cleanup;
 
@@ -12975,6 +13409,9 @@ static int qemuDomainQemuMonitorCommand(virDomainPtr domain, const char *cmd,
     if (!(vm = qemuDomObjFromDomain(domain)))
         goto cleanup;
 
+    if (virDomainQemuMonitorCommandEnsureACL(domain->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("domain is not running"));
@@ -13036,6 +13473,9 @@ static virDomainPtr qemuDomainQemuAttach(virConnectPtr conn,
                                         &pidfile, &monConfig, &monJSON)))
         goto cleanup;
 
+    if (virDomainQemuAttachEnsureACL(conn, def) < 0)
+        goto cleanup;
+
     if (!monConfig) {
         virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
                        _("No monitor connection for pid %u"), pid_value);
@@ -13124,6 +13564,9 @@ qemuDomainOpenConsole(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainOpenConsoleEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("domain is not running"));
@@ -13202,6 +13645,9 @@ qemuDomainOpenChannel(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainOpenChannelEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("domain is not running"));
@@ -13438,12 +13884,13 @@ cleanup:
 }
 
 static int
-qemuDomainBlockJobImpl(virDomainPtr dom, const char *path, const char *base,
+qemuDomainBlockJobImpl(virDomainObjPtr vm,
+                       virConnectPtr conn,
+                       const char *path, const char *base,
                        unsigned long bandwidth, virDomainBlockJobInfoPtr info,
                        int mode, unsigned int flags)
 {
-    virQEMUDriverPtr driver = dom->conn->privateData;
-    virDomainObjPtr vm = NULL;
+    virQEMUDriverPtr driver = conn->privateData;
     qemuDomainObjPrivatePtr priv;
     char *device = NULL;
     int ret = -1;
@@ -13452,9 +13899,6 @@ qemuDomainBlockJobImpl(virDomainPtr dom, const char *path, const char *base,
     int idx;
     virDomainDiskDefPtr disk;
 
-    if (!(vm = qemuDomObjFromDomain(dom)))
-        return -1;
-
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID, "%s",
                        _("domain is not running"));
@@ -13511,7 +13955,7 @@ qemuDomainBlockJobImpl(virDomainPtr dom, const char *path, const char *base,
 
     if (disk->mirror && mode == BLOCK_JOB_ABORT &&
         (flags & VIR_DOMAIN_BLOCK_JOB_ABORT_PIVOT)) {
-        ret = qemuDomainBlockPivot(dom->conn, driver, vm, device, disk);
+        ret = qemuDomainBlockPivot(conn, driver, vm, device, disk);
         goto endjob;
     }
 
@@ -13601,9 +14045,20 @@ cleanup:
 static int
 qemuDomainBlockJobAbort(virDomainPtr dom, const char *path, unsigned int flags)
 {
+    virDomainObjPtr vm;
+
     virCheckFlags(VIR_DOMAIN_BLOCK_JOB_ABORT_ASYNC |
                   VIR_DOMAIN_BLOCK_JOB_ABORT_PIVOT, -1);
-    return qemuDomainBlockJobImpl(dom, path, NULL, 0, NULL, BLOCK_JOB_ABORT,
+
+    if (!(vm = qemuDomObjFromDomain(dom)))
+        return -1;
+
+    if (virDomainBlockJobAbortEnsureACL(dom->conn, vm->def) < 0) {
+        virObjectUnlock(vm);
+        return -1;
+    }
+
+    return qemuDomainBlockJobImpl(vm, dom->conn, path, NULL, 0, NULL, BLOCK_JOB_ABORT,
                                   flags);
 }
 
@@ -13611,8 +14066,18 @@ static int
 qemuDomainGetBlockJobInfo(virDomainPtr dom, const char *path,
                            virDomainBlockJobInfoPtr info, unsigned int flags)
 {
+    virDomainObjPtr vm;
     virCheckFlags(0, -1);
-    return qemuDomainBlockJobImpl(dom, path, NULL, 0, info, BLOCK_JOB_INFO,
+
+    if (!(vm = qemuDomObjFromDomain(dom)))
+        return -1;
+
+    if (virDomainGetBlockJobInfoEnsureACL(dom->conn, vm->def) < 0) {
+        virObjectUnlock(vm);
+        return -1;
+    }
+
+    return qemuDomainBlockJobImpl(vm, dom->conn, path, NULL, 0, info, BLOCK_JOB_INFO,
                                   flags);
 }
 
@@ -13620,18 +14085,29 @@ static int
 qemuDomainBlockJobSetSpeed(virDomainPtr dom, const char *path,
                            unsigned long bandwidth, unsigned int flags)
 {
+    virDomainObjPtr vm;
     virCheckFlags(0, -1);
-    return qemuDomainBlockJobImpl(dom, path, NULL, bandwidth, NULL,
+
+    if (!(vm = qemuDomObjFromDomain(dom)))
+        return -1;
+
+    if (virDomainBlockJobSetSpeedEnsureACL(dom->conn, vm->def) < 0) {
+        virObjectUnlock(vm);
+        return -1;
+    }
+
+    return qemuDomainBlockJobImpl(vm, dom->conn, path, NULL, bandwidth, NULL,
                                   BLOCK_JOB_SPEED, flags);
 }
 
 static int
-qemuDomainBlockCopy(virDomainPtr dom, const char *path,
+qemuDomainBlockCopy(virDomainObjPtr vm,
+                    virConnectPtr conn,
+                    const char *path,
                     const char *dest, const char *format,
                     unsigned long bandwidth, unsigned int flags)
 {
-    virQEMUDriverPtr driver = dom->conn->privateData;
-    virDomainObjPtr vm;
+    virQEMUDriverPtr driver = conn->privateData;
     qemuDomainObjPrivatePtr priv;
     char *device = NULL;
     virDomainDiskDefPtr disk;
@@ -13646,10 +14122,9 @@ qemuDomainBlockCopy(virDomainPtr dom, const char *path,
     virCheckFlags(VIR_DOMAIN_BLOCK_REBASE_SHALLOW |
                   VIR_DOMAIN_BLOCK_REBASE_REUSE_EXT, -1);
 
-    if (!(vm = qemuDomObjFromDomain(dom)))
-        goto cleanup;
     priv = vm->privateData;
     cfg = virQEMUDriverGetConfig(driver);
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID, "%s",
                        _("domain is not running"));
@@ -13801,21 +14276,31 @@ static int
 qemuDomainBlockRebase(virDomainPtr dom, const char *path, const char *base,
                       unsigned long bandwidth, unsigned int flags)
 {
+    virDomainObjPtr vm;
+
     virCheckFlags(VIR_DOMAIN_BLOCK_REBASE_SHALLOW |
                   VIR_DOMAIN_BLOCK_REBASE_REUSE_EXT |
                   VIR_DOMAIN_BLOCK_REBASE_COPY |
                   VIR_DOMAIN_BLOCK_REBASE_COPY_RAW, -1);
 
+    if (!(vm = qemuDomObjFromDomain(dom)))
+        return -1;
+
+    if (virDomainBlockRebaseEnsureACL(dom->conn, vm->def) < 0) {
+        virObjectUnlock(vm);
+        return -1;
+    }
+
     if (flags & VIR_DOMAIN_BLOCK_REBASE_COPY) {
         const char *format = NULL;
         if (flags & VIR_DOMAIN_BLOCK_REBASE_COPY_RAW)
             format = "raw";
         flags &= ~(VIR_DOMAIN_BLOCK_REBASE_COPY |
                    VIR_DOMAIN_BLOCK_REBASE_COPY_RAW);
-        return qemuDomainBlockCopy(dom, path, base, format, bandwidth, flags);
+        return qemuDomainBlockCopy(vm, dom->conn, path, base, format, bandwidth, flags);
     }
 
-    return qemuDomainBlockJobImpl(dom, path, base, bandwidth, NULL,
+    return qemuDomainBlockJobImpl(vm, dom->conn, path, base, bandwidth, NULL,
                                   BLOCK_JOB_PULL, flags);
 }
 
@@ -13823,8 +14308,18 @@ static int
 qemuDomainBlockPull(virDomainPtr dom, const char *path, unsigned long bandwidth,
                     unsigned int flags)
 {
+    virDomainObjPtr vm;
     virCheckFlags(0, -1);
-    return qemuDomainBlockJobImpl(dom, path, NULL, bandwidth, NULL,
+
+    if (!(vm = qemuDomObjFromDomain(dom)))
+        return -1;
+
+    if (virDomainBlockPullEnsureACL(dom->conn, vm->def) < 0) {
+        virObjectUnlock(vm);
+        return -1;
+    }
+
+    return qemuDomainBlockJobImpl(vm, dom->conn, path, NULL, bandwidth, NULL,
                                   BLOCK_JOB_PULL, flags);
 }
 
@@ -13853,6 +14348,9 @@ qemuDomainBlockCommit(virDomainPtr dom, const char *path, const char *base,
         goto cleanup;
     priv = vm->privateData;
 
+    if (virDomainBlockCommitEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
         goto cleanup;
 
@@ -13982,6 +14480,9 @@ qemuDomainOpenGraphics(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         return -1;
 
+    if (virDomainOpenGraphicsEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("domain is not running"));
@@ -14077,6 +14578,9 @@ qemuDomainSetBlockIoTune(virDomainPtr dom,
     priv = vm->privateData;
     cfg = virQEMUDriverGetConfig(driver);
 
+    if (virDomainSetBlockIoTuneEnsureACL(dom->conn, vm->def, flags) < 0)
+        goto cleanup;
+
     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto endjob;
 
@@ -14222,6 +14726,9 @@ qemuDomainGetBlockIoTune(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         return -1;
 
+    if (virDomainGetBlockIoTuneEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto cleanup;
 
@@ -14349,6 +14856,9 @@ qemuDomainGetDiskErrors(virDomainPtr dom,
 
     priv = vm->privateData;
 
+    if (virDomainGetDiskErrorsEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0)
         goto cleanup;
 
@@ -14425,6 +14935,9 @@ qemuDomainSetMetadata(virDomainPtr dom,
 
     cfg = virQEMUDriverGetConfig(driver);
 
+    if (virDomainSetMetadataEnsureACL(dom->conn, vm->def, flags) < 0)
+        goto cleanup;
+
     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto cleanup;
 
@@ -14515,6 +15028,9 @@ qemuDomainGetMetadata(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainGetMetadataEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!(caps = virQEMUDriverGetCapabilities(driver, false)))
         goto cleanup;
 
@@ -14795,6 +15311,9 @@ qemuDomainGetCPUStats(virDomainPtr domain,
 
     priv = vm->privateData;
 
+    if (virDomainGetCPUStatsEnsureACL(domain->conn, vm->def) < 0)
+        goto cleanup;
+
     isActive = virDomainObjIsActive(vm);
     if (!isActive) {
         virReportError(VIR_ERR_OPERATION_INVALID, "%s",
@@ -14852,6 +15371,9 @@ qemuDomainPMSuspendForDuration(virDomainPtr dom,
 
     priv = vm->privateData;
 
+    if (virDomainPMSuspendForDurationEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("domain is not running"));
@@ -14934,6 +15456,9 @@ qemuDomainPMWakeup(virDomainPtr dom,
     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;
 
+    if (virDomainPMWakeupEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
         goto cleanup;
 
@@ -14976,8 +15501,12 @@ qemuConnectListAllDomains(virConnectPtr conn,
 
     virCheckFlags(VIR_CONNECT_LIST_DOMAINS_FILTERS_ALL, -1);
 
+    if (virConnectListAllDomainsEnsureACL(conn) < 0)
+        goto cleanup;
+
     ret = virDomainObjListExport(driver->domains, conn, domains, flags);
 
+cleanup:
     return ret;
 }
 
@@ -15000,6 +15529,9 @@ qemuDomainQemuAgentCommand(virDomainPtr domain,
 
     priv = vm->privateData;
 
+    if (virDomainQemuAgentCommandEnsureACL(domain->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("domain is not running"));
@@ -15069,6 +15601,9 @@ qemuDomainFSTrim(virDomainPtr dom,
 
     priv = vm->privateData;
 
+    if (virDomainFSTrimEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("domain is not running"));
@@ -15113,88 +15648,115 @@ cleanup:
 
 
 static int
-qemuNodeGetInfo(virConnectPtr conn ATTRIBUTE_UNUSED,
+qemuNodeGetInfo(virConnectPtr conn,
                 virNodeInfoPtr nodeinfo)
 {
+    if (virNodeGetInfoEnsureACL(conn) < 0)
+        return -1;
+
     return nodeGetInfo(nodeinfo);
 }
 
 
 static int
-qemuNodeGetCPUStats(virConnectPtr conn ATTRIBUTE_UNUSED,
+qemuNodeGetCPUStats(virConnectPtr conn,
                     int cpuNum,
                     virNodeCPUStatsPtr params,
                     int *nparams,
                     unsigned int flags)
 {
+    if (virNodeGetCPUStatsEnsureACL(conn) < 0)
+        return -1;
+
     return nodeGetCPUStats(cpuNum, params, nparams, flags);
 }
 
 
 static int
-qemuNodeGetMemoryStats(virConnectPtr conn ATTRIBUTE_UNUSED,
+qemuNodeGetMemoryStats(virConnectPtr conn,
                        int cellNum,
                        virNodeMemoryStatsPtr params,
                        int *nparams,
                        unsigned int flags)
 {
+    if (virNodeGetMemoryStatsEnsureACL(conn) < 0)
+        return -1;
+
     return nodeGetMemoryStats(cellNum, params, nparams, flags);
 }
 
 
 static int
-qemuNodeGetCellsFreeMemory(virConnectPtr conn ATTRIBUTE_UNUSED,
+qemuNodeGetCellsFreeMemory(virConnectPtr conn,
                            unsigned long long *freeMems,
                            int startCell,
                            int maxCells)
 {
+    if (virNodeGetCellsFreeMemoryEnsureACL(conn) < 0)
+        return -1;
+
     return nodeGetCellsFreeMemory(freeMems, startCell, maxCells);
 }
 
 
 static unsigned long long
-qemuNodeGetFreeMemory(virConnectPtr conn ATTRIBUTE_UNUSED)
+qemuNodeGetFreeMemory(virConnectPtr conn)
 {
+    if (virNodeGetFreeMemoryEnsureACL(conn) < 0)
+        return 0;
+
     return nodeGetFreeMemory();
 }
 
 
 static int
-qemuNodeGetMemoryParameters(virConnectPtr conn ATTRIBUTE_UNUSED,
+qemuNodeGetMemoryParameters(virConnectPtr conn,
                             virTypedParameterPtr params,
                             int *nparams,
                             unsigned int flags)
 {
+    if (virNodeGetMemoryParametersEnsureACL(conn) < 0)
+        return -1;
+
     return nodeGetMemoryParameters(params, nparams, flags);
 }
 
 
 static int
-qemuNodeSetMemoryParameters(virConnectPtr conn ATTRIBUTE_UNUSED,
+qemuNodeSetMemoryParameters(virConnectPtr conn,
                             virTypedParameterPtr params,
                             int nparams,
                             unsigned int flags)
 {
+    if (virNodeSetMemoryParametersEnsureACL(conn) < 0)
+        return -1;
+
     return nodeSetMemoryParameters(params, nparams, flags);
 }
 
 
 static int
-qemuNodeGetCPUMap(virConnectPtr conn ATTRIBUTE_UNUSED,
+qemuNodeGetCPUMap(virConnectPtr conn,
                   unsigned char **cpumap,
                   unsigned int *online,
                   unsigned int flags)
 {
+    if (virNodeGetCPUMapEnsureACL(conn) < 0)
+        return -1;
+
     return nodeGetCPUMap(cpumap, online, flags);
 }
 
 
 static int
-qemuNodeSuspendForDuration(virConnectPtr conn ATTRIBUTE_UNUSED,
+qemuNodeSuspendForDuration(virConnectPtr conn,
                            unsigned int target,
                            unsigned long long duration,
                            unsigned int flags)
 {
+    if (virNodeSuspendForDurationEnsureACL(conn) < 0)
+        return -1;
+
     return nodeSuspendForDuration(target, duration, flags);
 }
 
-- 
1.8.1.4

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]