On Wed, Aug 05, 2015 at 01:59:07PM +0200, Tomas Meszaros wrote:
Also, among with this new API new ACL that restricts rename capability is invented too.
Signed-off-by: Tomas Meszaros <exo@tty.sk> --- include/libvirt/libvirt-domain.h | 2 ++ src/access/viraccessperm.c | 3 ++- src/access/viraccessperm.h | 6 ++++++ src/driver-hypervisor.h | 5 +++++ src/libvirt-domain.c | 31 +++++++++++++++++++++++++++++++ src/libvirt_public.syms | 5 +++++ src/remote/remote_driver.c | 1 + src/remote/remote_protocol.x | 18 +++++++++++++++++- src/remote_protocol-structs | 8 ++++++++ 9 files changed, 77 insertions(+), 2 deletions(-)
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x index 9f1be6b..0f26793 100644 --- a/src/remote/remote_protocol.x +++ b/src/remote/remote_protocol.x @@ -3230,6 +3230,14 @@ struct remote_domain_set_user_password_args { unsigned int flags; };
+struct remote_domain_rename_args { + remote_nonnull_domain dom; + remote_string new_name; +}; + +struct remote_domain_rename_ret { + int rename; +};
/*----- Protocol. -----*/
@@ -5696,5 +5704,13 @@ enum remote_procedure { * @generate:both * @acl: domain:set_password */ - REMOTE_PROC_DOMAIN_SET_USER_PASSWORD = 357 + REMOTE_PROC_DOMAIN_SET_USER_PASSWORD = 357, + + /** + * @generate: both + * @acl: domain:rename + * @acl: domain:write + * @acl: domain:save
When you require write + save you have already given away the keys to the kingdom. Adding a rename permission doesn't really have any benefit at that point. So I'd just get rid of the new rename permission. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|