On Wed, Jun 14, 2006 at 09:22:04AM -0400, Daniel Veillard wrote:
On Wed, Jun 14, 2006 at 01:44:36PM +0100, Daniel P. Berrange wrote:
> 1. In all of these methods I followed example from virDomainSetMemory and
> put in
>
> if (domain->conn->flags & VIR_CONNECT_RO)
> return (-1);
>
> This prevents these methods working with a 'read only' connection, however,
> this is a deviation from previous semantics. Even with a read only connection,
> XenD will let arbitrary unprivileged user shutdown/suspend/resume/etc a
> domain, so by putting this VIR_CONNECT_RO check in we'd be preventing an
> operation which used to work.
Hum, there are pros and cons. Pro is obviously cleanness and long term
maintenance/expectations (this will have to be fixed). Cons is the fact
it is allowed and putting the limitation in libvirt does not fix anything
and we don't know yet what the final security policy will be...
Also it blocks regression tests from running as a user and forces one to su
before running 'make tests' which is a bit inconvenient...
When I commit this I'll wrap the VIR_CONNECT_RO flag test in a '#ifdef PEDANTIC'
conditional. So the default semantics of these methods will be unchanged for
now, unless you explicitly add -DPEDANTIC to the compiler flags. We can re-visit
it at a later day when XenD gets a sensible security / authentication model.
> What was the reason to call xenDaemonDomainShutdown twice ?
With my
my guess is that's just an error due to a factoring remains from when the
xenDaemonDomainShutdown() code was directly inlined in that routine.
Ok, so I've committed the patch and not worried about the duplicated calls.
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
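
The compile-time gating described in this message, as an added example that is not part of the original post and not libvirt's own code. The struct types, the demo_* functions and the flag value are stand-ins assumed for illustration; only the VIR_CONNECT_RO test and the PEDANTIC macro name come from the thread.

```c
#include <stdio.h>
#include <stddef.h>

#define VIR_CONNECT_RO 1            /* flag value assumed for this demo */

/* Simplified stand-ins, NOT libvirt's real connection/domain types. */
struct demo_conn   { int flags; };
struct demo_domain { struct demo_conn *conn; int running; };

/* Hypothetical stand-in for the request sent to XenD. Per the thread,
 * XenD itself accepts it from any user, so it always succeeds here. */
static int demo_backend_shutdown(struct demo_domain *d)
{
    d->running = 0;
    return 0;
}

/* Reports whether this build carries the client-side read-only check. */
int ro_check_enabled(void)
{
#ifdef PEDANTIC
    return 1;
#else
    return 0;
#endif
}

int demo_domain_shutdown(struct demo_domain *domain)
{
    if (domain == NULL || domain->conn == NULL)
        return -1;
#ifdef PEDANTIC
    /* Only compiled in with -DPEDANTIC: refuse on a read-only connection. */
    if (domain->conn->flags & VIR_CONNECT_RO)
        return -1;
#endif
    return demo_backend_shutdown(domain);
}

int main(void)
{
    struct demo_conn ro = { VIR_CONNECT_RO };
    struct demo_domain dom = { &ro, 1 };
    int rc = demo_domain_shutdown(&dom);
    printf("PEDANTIC=%d rc=%d running=%d\n", ro_check_enabled(), rc, dom.running);
    return 0;
}
```

Built as-is, the read-only connection still shuts the domain down; built with -DPEDANTIC, the call returns -1 and the domain keeps running.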