Hi Dan,
Thank you for replay.
I forgot REMOTE access!!!
Certainty, this patch is not be able to work for a remote hypervisor,
and I understand that this issue and these kind of policy checks is for
under layer, XenD or so. I'II try to put this into XenD.
Thanks,
Kazuki Mizushima
----- Original Message -----
From: "Daniel P. Berrange" <berrange(a)redhat.com>
To: "Kazuki Mizushima" <mizushima.kazuk(a)jp.fujitsu.com>
Cc: <libvir-list(a)redhat.com>
Sent: Tuesday, March 06, 2007 1:26 AM
Subject: Re: [Libvir] [PATCH]Reprt error for a existing file
On Mon, Mar 05, 2007 at 06:04:49PM +0900, Kazuki Mizushima wrote:
> Hi,
>
> I make a patch which reports error for a existing file to prevent
> overwriting before the file.
> diff -u -p -r1.58 virsh.c
> --- src/virsh.c 2 Mar 2007 14:22:33 -0000 1.58
> +++ src/virsh.c 5 Mar 2007 06:49:28 -0000
> @@ -871,6 +873,11 @@ cmdSave(vshControl * ctl, vshCmd * cmd)
> if (!(dom = vshCommandOptDomain(ctl, cmd, "domain", &name)))
> return FALSE;
>
> + if (stat(to, &st) == 0){
> + vshError(ctl, FALSE, _("file %s exists already"), to);
> + return FALSE;
> + }
> +
This isn't going to work if virsh is talking to a remote hypervisor.
It also assumes that virsh can read the directory where the image
is being saved, which isn't neccessarily true. The directory may
very well only be readable by XenD itself so putting in an explicit
overwrite check is just giving a false sense of security to users.
There is really no way virsh/libvirt can reliably check for dump
or save file existance - only XenD or QEMU can do that. So if we want
these kind of policy checks they should be put into the XenD or QEMU
as appropriate.
Regards,
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules:
http://search.cpan.org/~danberr/ -=|
|=- Projects:
http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|