Re: [libvirt] [PATCH v5 09/20] backup: Implement backup APIs for remote driver

On 3/6/19 11:47 PM, Eric Blake wrote: Question for Dan: Patch 8/20 created a new domain:checkpoint access category, which works well here... This one should be block_write, not block_read, because it is copying out guest data (which could be a security consideration); basically, the same as virDomainBlockCopy. ...my question is whether it is possible to make the domain:checkpoint permission be conditional on whether the checkpointXml argument was supplied. It's unlikely that someone with domain:block_write to copy disks won't also have domain:checkpoint, but if they aren't creating a checkpoint, it would be nicer to not require that access right. Is the only way to do that by having libvirt declare a flag which gets set any time checkpointXml is non-NULL, so that we can then do domain:checkpoint:FLAG_NAME? (This would be an unusual case where libvirt would set the flag on the user's behalf, and where the flag exists more for the ACL checking than for something inherent to what the user has to tell the driver). The same question applies to my proposed virDomainSnapshotCreateXML2 (there, it would be domain:snapshot instead of domain:block_write as the unconditional permission, but a conditional permission on domain:checkpoint when checkpointXml is non-NULL would be nice to figure out). -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org