Re: [PATCHv2 2/6] event: server RPC protocol tweaks for domain lifecycle events

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Feb 11, 2014 at 02:07:06PM -0700, Eric Blake wrote:
> On 02/11/2014 08:57 AM, Daniel P. Berrange wrote:
> > On Wed, Jan 29, 2014 at 10:49:22AM -0700, Eric Blake wrote:
> >> This patch adds some new RPC call numbers, but for ease of review,
> >> they sit idle until a later patch adds the client counterpart to
> >> drive the new RPCs.  Also for ease of review, I limited this patch
> 
> > 
> > ACK
> > 
> 
> Thanks for the review.
> 
> > 
> > 
> >> @@ -5068,5 +5085,25 @@ enum remote_procedure {
> >>       * @generate: both
> >>       * @acl: none
> >>       */
> >> -    REMOTE_PROC_NETWORK_EVENT_LIFECYCLE = 315
> >> +    REMOTE_PROC_NETWORK_EVENT_LIFECYCLE = 315,
> >> +
> >> +    /**
> >> +     * @generate: none
> >> +     * @priority: high
> >> +     * @acl: none
> >> +     */
> >> +    REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_REGISTER_ANY = 316,
> >> +
> >> +    /**
> >> +     * @generate: none
> >> +     * @priority: high
> >> +     * @acl: none
> >> +     */
> >> +    REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_DEREGISTER_ANY = 317,
> > 
> > I believe these ACLs need to be non-none now
> 
> The way 'make -C src check-aclrules' works is by correlating all RPC
> calls back into their API names - but I'm not inventing any new API
> names.  These new RPC calls are already covered by existing APIs, and
> the ACL checks performed there are already sufficient.  But it turns out
> that it doesn't hurt to make these ACLs match the other register RPC
> numbers, so I'm inclined to squash this in, unless you think that
> generating unused functions in src/access/viraccessapicheck.c is not
> worth the pollution:
> 
> diff --git i/src/remote/remote_protocol.x w/src/remote/remote_protocol.x
> index 982ab1f..26abcdd 100644
> --- i/src/remote/remote_protocol.x
> +++ w/src/remote/remote_protocol.x
> @@ -5090,14 +5090,15 @@ enum remote_procedure {
>      /**
>       * @generate: none
>       * @priority: high
> -     * @acl: none
> +     * @acl: connect:search_domains
> +     * @aclfilter: domain:getattr
>       */
>      REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_REGISTER_ANY = 316,
> 
>      /**
>       * @generate: none
>       * @priority: high
> -     * @acl: none
> +     * @acl: connect:read
>       */
>      REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_DEREGISTER_ANY = 317,

ACK to this - it makes it clearer i think

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]