On Tue, Feb 11, 2014 at 02:07:06PM -0700, Eric Blake wrote:
On 02/11/2014 08:57 AM, Daniel P. Berrange wrote:
> On Wed, Jan 29, 2014 at 10:49:22AM -0700, Eric Blake wrote:
>> This patch adds some new RPC call numbers, but for ease of review,
>> they sit idle until a later patch adds the client counterpart to
>> drive the new RPCs. Also for ease of review, I limited this patch
>
> ACK
>
Thanks for the review.
>
>
>> @@ -5068,5 +5085,25 @@ enum remote_procedure {
>> * @generate: both
>> * @acl: none
>> */
>> - REMOTE_PROC_NETWORK_EVENT_LIFECYCLE = 315
>> + REMOTE_PROC_NETWORK_EVENT_LIFECYCLE = 315,
>> +
>> + /**
>> + * @generate: none
>> + * @priority: high
>> + * @acl: none
>> + */
>> + REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_REGISTER_ANY = 316,
>> +
>> + /**
>> + * @generate: none
>> + * @priority: high
>> + * @acl: none
>> + */
>> + REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_DEREGISTER_ANY = 317,
>
> I believe these ACLs need to be non-none now
The way 'make -C src check-aclrules' works is by correlating all RPC
calls back into their API names - but I'm not inventing any new API
names. These new RPC calls are already covered by existing APIs, and
the ACL checks performed there are already sufficient. But it turns out
that it doesn't hurt to make these ACLs match the other register RPC
numbers, so I'm inclined to squash this in, unless you think that
generating unused functions in src/access/viraccessapicheck.c is not
worth the pollution:
diff --git i/src/remote/remote_protocol.x w/src/remote/remote_protocol.x
index 982ab1f..26abcdd 100644
--- i/src/remote/remote_protocol.x
+++ w/src/remote/remote_protocol.x
@@ -5090,14 +5090,15 @@ enum remote_procedure {
/**
* @generate: none
* @priority: high
- * @acl: none
+ * @acl: connect:search_domains
+ * @aclfilter: domain:getattr
*/
REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_REGISTER_ANY = 316,
/**
* @generate: none
* @priority: high
- * @acl: none
+ * @acl: connect:read
*/
REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_DEREGISTER_ANY = 317,
ACK to this - it makes it clearer i think
Daniel
--
|:
http://berrange.com -o-
http://www.flickr.com/photos/dberrange/ :|
|:
http://libvirt.org -o-
http://virt-manager.org :|
|:
http://autobuild.org -o-
http://search.cpan.org/~danberr/ :|
|:
http://entangle-photo.org -o-
http://live.gnome.org/gtk-vnc :|