On Thu, Jun 27, 2013 at 05:57:17PM +0100, Daniel P. Berrange wrote: > From: "Daniel P. Berrange" <berrange@xxxxxxxxxx> > > The current ACL checks validate access to the object being > passed in to the API calls. > > There are a few APIs (all the virConnectList* / virConnectNum* > ones) which are used to get lists of objects in the first > place. Currently you could find out that there is a VM called > "foo", but you can't then do virDomainLookupByName since the > ACL check may block it. > > This series introduces filtering in the object list APIs, > so you can't even see the existance of an object called > "foo", if you don't have permission over it. > > This is not yet filtering the legacy Xen driver. > > Daniel P. Berrange (8): > Add access control filtering of domain objects > Add access control filtering of network objects > Add access control filtering of node device objects > Add access control filtering of storage objects > Add access control filtering of secret objects > Add access control filtering of nwfilter objects > Add access control filtering of interface objects > Extend the ACL test case to validate filter rule checks This series is a candidate for merging now the 1.1.0 release is out, if someone can review it. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list