9:11 a.m.
See individual patches.
Peter Krempa (2):
access: Allow 'node-device.read' permission for anonymous users
libvirt-nodedev: Allow read-only access to virNodeDeviceGetAutostart
src/access/viraccessperm.h | 1 +
src/libvirt-nodedev.c | 1 -
2 files changed, 1 insertion(+), 1 deletion(-)
--
2.39.1
9:11 a.m.
New subject: [PATCH 1/2] access: Allow 'node-device.read' permission for anonymous users
For all other objects we allow the 'read' permission for anonymous
users. In fact the idea is to allow all permissions users using the
readonly connection would have.
This impacts the following APIs (in terms of RPC procedure names):
$ git grep -A 3 node_device:read | grep REMOTE
src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_GET_XML_DESC = 114,
src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_GET_PARENT = 115,
src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_NUM_OF_CAPS = 116,
src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_LIST_CAPS = 117,
src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_GET_AUTOSTART = 433,
src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_IS_PERSISTENT = 435,
src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_IS_ACTIVE = 436,
Fixes: a93cd08f
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/access/viraccessperm.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/access/viraccessperm.h b/src/access/viraccessperm.h
index 051246a7b6..2f04459ed9 100644
--- a/src/access/viraccessperm.h
+++ b/src/access/viraccessperm.h
@@ -473,6 +473,7 @@ typedef enum {
/**
* @desc: Read node device
* @message: Reading node device configuration requires authorization
+ * @anonymous: 1
*/
VIR_ACCESS_PERM_NODE_DEVICE_READ,
--
2.39.1
9:30 a.m.
New subject: [PATCH 1/2] access: Allow 'node-device.read' permission for anonymous users
On Fri, Feb 17, 2023 at 04:11:10PM +0100, Peter Krempa wrote:
For all other objects we allow the 'read' permission for
anonymous
users. In fact the idea is to allow all permissions users using the
readonly connection would have.
This impacts the following APIs (in terms of RPC procedure names):
$ git grep -A 3 node_device:read | grep REMOTE
src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_GET_XML_DESC = 114,
src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_GET_PARENT = 115,
src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_NUM_OF_CAPS = 116,
src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_LIST_CAPS = 117,
src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_GET_AUTOSTART = 433,
src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_IS_PERSISTENT = 435,
src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_IS_ACTIVE = 436,
Fixes: a93cd08f
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/access/viraccessperm.h | 1 +
1 file changed, 1 insertion(+)
Reviewed-by: Daniel P. Berrangé <berrange(a)redhat.com>
diff --git a/src/access/viraccessperm.h b/src/access/viraccessperm.h
index 051246a7b6..2f04459ed9 100644
--- a/src/access/viraccessperm.h
+++ b/src/access/viraccessperm.h
@@ -473,6 +473,7 @@ typedef enum {
/**
* @desc: Read node device
* @message: Reading node device configuration requires authorization
+ * @anonymous: 1
*/
VIR_ACCESS_PERM_NODE_DEVICE_READ,
--
2.39.1
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
9:11 a.m.
New subject: [PATCH 2/2] libvirt-nodedev: Allow read-only access to virNodeDeviceGetAutostart
Fetching whether a node-device is marked for autostart can be allowed
from read-only connections similarly to other objects.
Fixes: c6607a25b93
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/libvirt-nodedev.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/libvirt-nodedev.c b/src/libvirt-nodedev.c
index 1b7dee113e..366d2cfdbe 100644
--- a/src/libvirt-nodedev.c
+++ b/src/libvirt-nodedev.c
@@ -1089,7 +1089,6 @@ virNodeDeviceGetAutostart(virNodeDevicePtr dev,
virResetLastError();
virCheckNodeDeviceReturn(dev, -1);
- virCheckReadOnlyGoto(dev->conn->flags, error);
if (dev->conn->nodeDeviceDriver &&
dev->conn->nodeDeviceDriver->nodeDeviceGetAutostart) {
--
2.39.1
9:31 a.m.
New subject: [PATCH 2/2] libvirt-nodedev: Allow read-only access to virNodeDeviceGetAutostart
On Fri, Feb 17, 2023 at 04:11:11PM +0100, Peter Krempa wrote:
Fetching whether a node-device is marked for autostart can be
allowed
from read-only connections similarly to other objects.
Fixes: c6607a25b93
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/libvirt-nodedev.c | 1 -
1 file changed, 1 deletion(-)
Reviewed-by: Daniel P. Berrangé <berrange(a)redhat.com>
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
644
days inactive
644
days old
4 comments
2 participants
participants (2)
-
Daniel P. Berrangé -
Peter Krempa