Re: [PATCHv2 2/6] event: server RPC protocol tweaks for domain lifecycle events

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 02/11/2014 08:57 AM, Daniel P. Berrange wrote:
> On Wed, Jan 29, 2014 at 10:49:22AM -0700, Eric Blake wrote:
>> This patch adds some new RPC call numbers, but for ease of review,
>> they sit idle until a later patch adds the client counterpart to
>> drive the new RPCs.  Also for ease of review, I limited this patch

> 
> ACK
> 

Thanks for the review.

> 
> 
>> @@ -5068,5 +5085,25 @@ enum remote_procedure {
>>       * @generate: both
>>       * @acl: none
>>       */
>> -    REMOTE_PROC_NETWORK_EVENT_LIFECYCLE = 315
>> +    REMOTE_PROC_NETWORK_EVENT_LIFECYCLE = 315,
>> +
>> +    /**
>> +     * @generate: none
>> +     * @priority: high
>> +     * @acl: none
>> +     */
>> +    REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_REGISTER_ANY = 316,
>> +
>> +    /**
>> +     * @generate: none
>> +     * @priority: high
>> +     * @acl: none
>> +     */
>> +    REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_DEREGISTER_ANY = 317,
> 
> I believe these ACLs need to be non-none now

The way 'make -C src check-aclrules' works is by correlating all RPC
calls back into their API names - but I'm not inventing any new API
names.  These new RPC calls are already covered by existing APIs, and
the ACL checks performed there are already sufficient.  But it turns out
that it doesn't hurt to make these ACLs match the other register RPC
numbers, so I'm inclined to squash this in, unless you think that
generating unused functions in src/access/viraccessapicheck.c is not
worth the pollution:

diff --git i/src/remote/remote_protocol.x w/src/remote/remote_protocol.x
index 982ab1f..26abcdd 100644
--- i/src/remote/remote_protocol.x
+++ w/src/remote/remote_protocol.x
@@ -5090,14 +5090,15 @@ enum remote_procedure {
     /**
      * @generate: none
      * @priority: high
-     * @acl: none
+     * @acl: connect:search_domains
+     * @aclfilter: domain:getattr
      */
     REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_REGISTER_ANY = 316,

     /**
      * @generate: none
      * @priority: high
-     * @acl: none
+     * @acl: connect:read
      */
     REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_DEREGISTER_ANY = 317,



-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]