8:26 a.m.
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Insert calls to the ACL checking APIs in all LXC driver
entrypoints.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/lxc/lxc_driver.c | 219 ++++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 207 insertions(+), 12 deletions(-)
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index 997f81d..e590612 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -68,6 +68,8 @@
#include "virtypedparam.h"
#include "viruri.h"
#include "virstring.h"
+#include "access/viraccessapicheck.h"
+#include "access/viraccessapichecklxc.h"
#define VIR_FROM_THIS VIR_FROM_LXC
@@ -148,6 +150,9 @@ static virDrvOpenStatus lxcConnectOpen(virConnectPtr conn,
}
}
+ if (virConnectOpenEnsureACL(conn) < 0)
+ return VIR_DRV_OPEN_ERROR;
+
conn->privateData = lxc_driver;
return VIR_DRV_OPEN_SUCCESS;
@@ -190,6 +195,9 @@ static char *lxcConnectGetCapabilities(virConnectPtr conn) {
virLXCDriverPtr driver = conn->privateData;
char *xml;
+ if (virConnectGetCapabilitiesEnsureACL(conn) < 0)
+ return NULL;
+
lxcDriverLock(driver);
if ((xml = virCapabilitiesFormatXML(driver->caps)) == NULL)
virReportOOMError();
@@ -216,6 +224,9 @@ static virDomainPtr lxcDomainLookupByID(virConnectPtr conn,
goto cleanup;
}
+ if (virDomainLookupByIDEnsureACL(conn, vm->def) < 0)
+ goto cleanup;
+
dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
if (dom)
dom->id = vm->def->id;
@@ -245,6 +256,9 @@ static virDomainPtr lxcDomainLookupByUUID(virConnectPtr conn,
goto cleanup;
}
+ if (virDomainLookupByUUIDEnsureACL(conn, vm->def) < 0)
+ goto cleanup;
+
dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
if (dom)
dom->id = vm->def->id;
@@ -271,6 +285,9 @@ static virDomainPtr lxcDomainLookupByName(virConnectPtr conn,
goto cleanup;
}
+ if (virDomainLookupByNameEnsureACL(conn, vm->def) < 0)
+ goto cleanup;
+
dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
if (dom)
dom->id = vm->def->id;
@@ -298,6 +315,10 @@ static int lxcDomainIsActive(virDomainPtr dom)
_("No domain with matching uuid '%s'"),
uuidstr);
goto cleanup;
}
+
+ if (virDomainIsActiveEnsureACL(dom->conn, obj->def) < 0)
+ goto cleanup;
+
ret = virDomainObjIsActive(obj);
cleanup:
@@ -323,6 +344,10 @@ static int lxcDomainIsPersistent(virDomainPtr dom)
_("No domain with matching uuid '%s'"),
uuidstr);
goto cleanup;
}
+
+ if (virDomainIsPersistentEnsureACL(dom->conn, obj->def) < 0)
+ goto cleanup;
+
ret = obj->persistent;
cleanup:
@@ -347,6 +372,10 @@ static int lxcDomainIsUpdated(virDomainPtr dom)
_("No domain with matching uuid '%s'"),
uuidstr);
goto cleanup;
}
+
+ if (virDomainIsUpdatedEnsureACL(dom->conn, obj->def) < 0)
+ goto cleanup;
+
ret = obj->updated;
cleanup:
@@ -359,6 +388,9 @@ static int lxcConnectListDomains(virConnectPtr conn, int *ids, int
nids) {
virLXCDriverPtr driver = conn->privateData;
int n;
+ if (virConnectListDomainsEnsureACL(conn) < 0)
+ return -1;
+
lxcDriverLock(driver);
n = virDomainObjListGetActiveIDs(driver->domains, ids, nids);
lxcDriverUnlock(driver);
@@ -370,6 +402,9 @@ static int lxcConnectNumOfDomains(virConnectPtr conn) {
virLXCDriverPtr driver = conn->privateData;
int n;
+ if (virConnectNumOfDomainsEnsureACL(conn) < 0)
+ return -1;
+
lxcDriverLock(driver);
n = virDomainObjListNumOfDomains(driver->domains, 1);
lxcDriverUnlock(driver);
@@ -382,6 +417,9 @@ static int lxcConnectListDefinedDomains(virConnectPtr conn,
virLXCDriverPtr driver = conn->privateData;
int n;
+ if (virConnectListDefinedDomainsEnsureACL(conn) < 0)
+ return -1;
+
lxcDriverLock(driver);
n = virDomainObjListGetInactiveNames(driver->domains, names, nnames);
lxcDriverUnlock(driver);
@@ -394,6 +432,9 @@ static int lxcConnectNumOfDefinedDomains(virConnectPtr conn) {
virLXCDriverPtr driver = conn->privateData;
int n;
+ if (virConnectNumOfDefinedDomainsEnsureACL(conn) < 0)
+ return -1;
+
lxcDriverLock(driver);
n = virDomainObjListNumOfDomains(driver->domains, 0);
lxcDriverUnlock(driver);
@@ -418,6 +459,9 @@ static virDomainPtr lxcDomainDefineXML(virConnectPtr conn, const char
*xml)
VIR_DOMAIN_XML_INACTIVE)))
goto cleanup;
+ if (virDomainDefineXMLEnsureACL(conn, def) < 0)
+ goto cleanup;
+
if (virSecurityManagerVerify(driver->securityManager, def) < 0)
goto cleanup;
@@ -482,6 +526,9 @@ static int lxcDomainUndefineFlags(virDomainPtr dom,
goto cleanup;
}
+ if (virDomainUndefineFlagsEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!vm->persistent) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("Cannot undefine transient domain"));
@@ -541,6 +588,9 @@ static int lxcDomainGetInfo(virDomainPtr dom,
priv = vm->privateData;
+ if (virDomainGetInfoEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
info->state = virDomainObjGetState(vm, NULL);
if (!virDomainObjIsActive(vm)) {
@@ -599,6 +649,9 @@ lxcDomainGetState(virDomainPtr dom,
goto cleanup;
}
+ if (virDomainGetStateEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
*state = virDomainObjGetState(vm, reason);
ret = 0;
@@ -626,7 +679,11 @@ static char *lxcDomainGetOSType(virDomainPtr dom)
goto cleanup;
}
- ignore_value(VIR_STRDUP(ret, vm->def->os.type));
+ if (virDomainGetOSTypeEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
+ if (VIR_STRDUP(ret, vm->def->os.type) < 0)
+ goto cleanup;
cleanup:
if (vm)
@@ -654,6 +711,9 @@ lxcDomainGetMaxMemory(virDomainPtr dom)
goto cleanup;
}
+ if (virDomainGetMaxMemoryEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
ret = vm->def->mem.max_balloon;
cleanup:
@@ -679,6 +739,9 @@ static int lxcDomainSetMaxMemory(virDomainPtr dom, unsigned long
newmax) {
goto cleanup;
}
+ if (virDomainSetMaxMemoryEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (newmax < vm->def->mem.cur_balloon) {
virReportError(VIR_ERR_INVALID_ARG,
"%s", _("Cannot set max memory lower than current
memory"));
@@ -712,6 +775,9 @@ static int lxcDomainSetMemory(virDomainPtr dom, unsigned long newmem)
{
}
priv = vm->privateData;
+ if (virDomainSetMemoryEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (newmem > vm->def->mem.max_balloon) {
virReportError(VIR_ERR_INVALID_ARG,
"%s", _("Cannot set memory higher than max
memory"));
@@ -774,6 +840,9 @@ lxcDomainSetMemoryParameters(virDomainPtr dom,
}
priv = vm->privateData;
+ if (virDomainSetMemoryParametersEnsureACL(dom->conn, vm->def, flags) < 0)
+ goto cleanup;
+
ret = 0;
for (i = 0; i < nparams; i++) {
virTypedParameterPtr param = ¶ms[i];
@@ -837,6 +906,9 @@ lxcDomainGetMemoryParameters(virDomainPtr dom,
}
priv = vm->privateData;
+ if (virDomainGetMemoryParametersEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if ((*nparams) == 0) {
/* Current number of memory parameters supported by cgroups */
*nparams = LXC_NB_MEM_PARAM;
@@ -923,6 +995,9 @@ static char *lxcDomainGetXMLDesc(virDomainPtr dom,
goto cleanup;
}
+ if (virDomainGetXMLDescEnsureACL(dom->conn, vm->def, flags) < 0)
+ goto cleanup;
+
ret = virDomainDefFormat((flags & VIR_DOMAIN_XML_INACTIVE) &&
vm->newDef ? vm->newDef : vm->def,
flags);
@@ -961,6 +1036,9 @@ static int lxcDomainCreateWithFlags(virDomainPtr dom, unsigned int
flags)
goto cleanup;
}
+ if (virDomainCreateWithFlagsEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if ((vm->def->nets != NULL) && !(driver->have_netns)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("System lacks NETNS support"));
@@ -1036,6 +1114,9 @@ lxcDomainCreateXML(virConnectPtr conn,
VIR_DOMAIN_XML_INACTIVE)))
goto cleanup;
+ if (virDomainCreateXMLEnsureACL(conn, def) < 0)
+ goto cleanup;
+
if (virSecurityManagerVerify(driver->securityManager, def) < 0)
goto cleanup;
@@ -1101,6 +1182,9 @@ static int lxcDomainGetSecurityLabel(virDomainPtr dom,
virSecurityLabelPtr secla
goto cleanup;
}
+ if (virDomainGetSecurityLabelEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!virDomainVirtTypeToString(vm->def->virtType)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("unknown virt type in domain definition
'%d'"),
@@ -1157,6 +1241,9 @@ static int lxcNodeGetSecurityModel(virConnectPtr conn,
lxcDriverLock(driver);
memset(secmodel, 0, sizeof(*secmodel));
+ if (virNodeGetSecurityModelEnsureACL(conn) < 0)
+ goto cleanup;
+
/* we treat no driver as success, but simply return no data in *secmodel */
if (driver->caps->host.nsecModels == 0
|| driver->caps->host.secModels[0].model == NULL)
@@ -1195,6 +1282,9 @@ lxcConnectDomainEventRegister(virConnectPtr conn,
virLXCDriverPtr driver = conn->privateData;
int ret;
+ if (virConnectDomainEventRegisterEnsureACL(conn) < 0)
+ return -1;
+
lxcDriverLock(driver);
ret = virDomainEventStateRegister(conn,
driver->domainEventState,
@@ -1212,6 +1302,9 @@ lxcConnectDomainEventDeregister(virConnectPtr conn,
virLXCDriverPtr driver = conn->privateData;
int ret;
+ if (virConnectDomainEventDeregisterEnsureACL(conn) < 0)
+ return -1;
+
lxcDriverLock(driver);
ret = virDomainEventStateDeregister(conn,
driver->domainEventState,
@@ -1233,6 +1326,9 @@ lxcConnectDomainEventRegisterAny(virConnectPtr conn,
virLXCDriverPtr driver = conn->privateData;
int ret;
+ if (virConnectDomainEventRegisterAnyEnsureACL(conn) < 0)
+ return -1;
+
lxcDriverLock(driver);
if (virDomainEventStateRegisterID(conn,
driver->domainEventState,
@@ -1252,6 +1348,9 @@ lxcConnectDomainEventDeregisterAny(virConnectPtr conn,
virLXCDriverPtr driver = conn->privateData;
int ret;
+ if (virConnectDomainEventDeregisterAnyEnsureACL(conn) < 0)
+ return -1;
+
lxcDriverLock(driver);
ret = virDomainEventStateDeregisterID(conn,
driver->domainEventState,
@@ -1293,6 +1392,9 @@ lxcDomainDestroyFlags(virDomainPtr dom,
goto cleanup;
}
+ if (virDomainDestroyFlagsEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("Domain is not running"));
@@ -1544,12 +1646,15 @@ static int lxcStateCleanup(void)
}
-static int lxcConnectGetVersion(virConnectPtr conn ATTRIBUTE_UNUSED, unsigned long
*version)
+static int lxcConnectGetVersion(virConnectPtr conn, unsigned long *version)
{
struct utsname ver;
uname(&ver);
+ if (virConnectGetVersionEnsureACL(conn) < 0)
+ return -1;
+
if (virParseVersionString(ver.release, version, true) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, _("Unknown release: %s"),
ver.release);
return -1;
@@ -1559,8 +1664,11 @@ static int lxcConnectGetVersion(virConnectPtr conn
ATTRIBUTE_UNUSED, unsigned lo
}
-static char *lxcConnectGetHostname(virConnectPtr conn ATTRIBUTE_UNUSED)
+static char *lxcConnectGetHostname(virConnectPtr conn)
{
+ if (virConnectGetHostnameEnsureACL(conn) < 0)
+ return NULL;
+
return virGetHostname();
}
@@ -1617,6 +1725,9 @@ static char *lxcDomainGetSchedulerType(virDomainPtr dom,
}
priv = vm->privateData;
+ if (virDomainGetSchedulerTypeEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPU)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("cgroup CPU controller is not
mounted"));
@@ -1753,6 +1864,9 @@ lxcDomainSetSchedulerParametersFlags(virDomainPtr dom,
}
priv = vm->privateData;
+ if (virDomainSetSchedulerParametersFlagsEnsureACL(dom->conn, vm->def, flags)
< 0)
+ goto cleanup;
+
if (virDomainLiveConfigHelperMethod(driver->caps, driver->xmlopt,
vm, &flags, &vmdef) < 0)
goto cleanup;
@@ -1882,6 +1996,9 @@ lxcDomainGetSchedulerParametersFlags(virDomainPtr dom,
}
priv = vm->privateData;
+ if (virDomainGetSchedulerParametersFlagsEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (*nparams > 1) {
rc = lxcGetCpuBWStatus(priv->cgroup);
if (rc < 0)
@@ -1996,6 +2113,9 @@ lxcDomainSetBlkioParameters(virDomainPtr dom,
}
priv = vm->privateData;
+ if (virDomainSetBlkioParametersEnsureACL(dom->conn, vm->def, flags) < 0)
+ goto cleanup;
+
if (virDomainLiveConfigHelperMethod(driver->caps, driver->xmlopt,
vm, &flags, &persistentDef) < 0)
goto cleanup;
@@ -2088,6 +2208,9 @@ lxcDomainGetBlkioParameters(virDomainPtr dom,
}
priv = vm->privateData;
+ if (virDomainGetBlkioParametersEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if ((*nparams) == 0) {
/* Current number of blkio parameters supported by cgroups */
*nparams = LXC_NB_BLKIO_PARAM;
@@ -2184,6 +2307,9 @@ lxcDomainInterfaceStats(virDomainPtr dom,
goto cleanup;
}
+ if (virDomainInterfaceStatsEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("Domain is not running"));
@@ -2239,6 +2365,9 @@ static int lxcDomainGetAutostart(virDomainPtr dom,
goto cleanup;
}
+ if (virDomainGetAutostartEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
*autostart = vm->autostart;
ret = 0;
@@ -2266,6 +2395,9 @@ static int lxcDomainSetAutostart(virDomainPtr dom,
goto cleanup;
}
+ if (virDomainSetAutostartEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!vm->persistent) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("Cannot set autostart for transient
domain"));
@@ -2427,6 +2559,9 @@ static int lxcDomainSuspend(virDomainPtr dom)
goto cleanup;
}
+ if (virDomainSuspendEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("Domain is not running"));
@@ -2480,6 +2615,9 @@ static int lxcDomainResume(virDomainPtr dom)
priv = vm->privateData;
+ if (virDomainResumeEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("Domain is not running"));
@@ -2537,6 +2675,9 @@ lxcDomainOpenConsole(virDomainPtr dom,
goto cleanup;
}
+ if (virDomainOpenConsoleEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("domain is not running"));
@@ -2617,6 +2758,9 @@ lxcDomainSendProcessSignal(virDomainPtr dom,
}
priv = vm->privateData;
+ if (virDomainSendProcessSignalEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("domain is not running"));
@@ -2672,6 +2816,9 @@ lxcConnectListAllDomains(virConnectPtr conn,
virCheckFlags(VIR_CONNECT_LIST_DOMAINS_FILTERS_ALL, -1);
+ if (virConnectListAllDomainsEnsureACL(conn) < 0)
+ return -1;
+
lxcDriverLock(driver);
ret = virDomainObjListExport(driver->domains, conn, domains, flags);
lxcDriverUnlock(driver);
@@ -2708,6 +2855,9 @@ lxcDomainShutdownFlags(virDomainPtr dom,
priv = vm->privateData;
+ if (virDomainShutdownFlagsEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("Domain is not running"));
@@ -2797,6 +2947,9 @@ lxcDomainReboot(virDomainPtr dom,
priv = vm->privateData;
+ if (virDomainRebootEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("Domain is not running"));
@@ -4153,6 +4306,9 @@ static int lxcDomainAttachDeviceFlags(virDomainPtr dom,
goto cleanup;
}
+ if (virDomainAttachDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
+ goto cleanup;
+
if (virDomainObjIsActive(vm)) {
if (affect == VIR_DOMAIN_AFFECT_CURRENT)
flags |= VIR_DOMAIN_AFFECT_LIVE;
@@ -4278,6 +4434,9 @@ static int lxcDomainUpdateDeviceFlags(virDomainPtr dom,
goto cleanup;
}
+ if (virDomainUpdateDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
+ goto cleanup;
+
if (virDomainObjIsActive(vm)) {
if (affect == VIR_DOMAIN_AFFECT_CURRENT)
flags |= VIR_DOMAIN_AFFECT_LIVE;
@@ -4387,6 +4546,9 @@ static int lxcDomainDetachDeviceFlags(virDomainPtr dom,
goto cleanup;
}
+ if (virDomainDetachDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
+ goto cleanup;
+
if (virDomainObjIsActive(vm)) {
if (affect == VIR_DOMAIN_AFFECT_CURRENT)
flags |= VIR_DOMAIN_AFFECT_LIVE;
@@ -4510,6 +4672,9 @@ static int lxcDomainLxcOpenNamespace(virDomainPtr dom,
}
priv = vm->privateData;
+ if (virDomainLxcOpenNamespaceEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("Domain is not running"));
@@ -4541,6 +4706,9 @@ lxcConnectGetSysinfo(virConnectPtr conn, unsigned int flags)
virCheckFlags(0, NULL);
+ if (virConnectGetSysinfoEnsureACL(conn) < 0)
+ return NULL;
+
if (!driver->hostsysinfo) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("Host SMBIOS information is not available"));
@@ -4558,88 +4726,115 @@ lxcConnectGetSysinfo(virConnectPtr conn, unsigned int flags)
static int
-lxcNodeGetInfo(virConnectPtr conn ATTRIBUTE_UNUSED,
+lxcNodeGetInfo(virConnectPtr conn,
virNodeInfoPtr nodeinfo)
{
+ if (virNodeGetInfoEnsureACL(conn) < 0)
+ return -1;
+
return nodeGetInfo(nodeinfo);
}
static int
-lxcNodeGetCPUStats(virConnectPtr conn ATTRIBUTE_UNUSED,
+lxcNodeGetCPUStats(virConnectPtr conn,
int cpuNum,
virNodeCPUStatsPtr params,
int *nparams,
unsigned int flags)
{
+ if (virNodeGetCPUStatsEnsureACL(conn) < 0)
+ return -1;
+
return nodeGetCPUStats(cpuNum, params, nparams, flags);
}
static int
-lxcNodeGetMemoryStats(virConnectPtr conn ATTRIBUTE_UNUSED,
+lxcNodeGetMemoryStats(virConnectPtr conn,
int cellNum,
virNodeMemoryStatsPtr params,
int *nparams,
unsigned int flags)
{
+ if (virNodeGetMemoryStatsEnsureACL(conn) < 0)
+ return -1;
+
return nodeGetMemoryStats(cellNum, params, nparams, flags);
}
static int
-lxcNodeGetCellsFreeMemory(virConnectPtr conn ATTRIBUTE_UNUSED,
+lxcNodeGetCellsFreeMemory(virConnectPtr conn,
unsigned long long *freeMems,
int startCell,
int maxCells)
{
+ if (virNodeGetCellsFreeMemoryEnsureACL(conn) < 0)
+ return -1;
+
return nodeGetCellsFreeMemory(freeMems, startCell, maxCells);
}
static unsigned long long
-lxcNodeGetFreeMemory(virConnectPtr conn ATTRIBUTE_UNUSED)
+lxcNodeGetFreeMemory(virConnectPtr conn)
{
+ if (virNodeGetFreeMemoryEnsureACL(conn) < 0)
+ return 0;
+
return nodeGetFreeMemory();
}
static int
-lxcNodeGetMemoryParameters(virConnectPtr conn ATTRIBUTE_UNUSED,
+lxcNodeGetMemoryParameters(virConnectPtr conn,
virTypedParameterPtr params,
int *nparams,
unsigned int flags)
{
+ if (virNodeGetMemoryParametersEnsureACL(conn) < 0)
+ return -1;
+
return nodeGetMemoryParameters(params, nparams, flags);
}
static int
-lxcNodeSetMemoryParameters(virConnectPtr conn ATTRIBUTE_UNUSED,
+lxcNodeSetMemoryParameters(virConnectPtr conn,
virTypedParameterPtr params,
int nparams,
unsigned int flags)
{
+ if (virNodeSetMemoryParametersEnsureACL(conn) < 0)
+ return -1;
+
return nodeSetMemoryParameters(params, nparams, flags);
}
static int
-lxcNodeGetCPUMap(virConnectPtr conn ATTRIBUTE_UNUSED,
+lxcNodeGetCPUMap(virConnectPtr conn,
unsigned char **cpumap,
unsigned int *online,
unsigned int flags)
{
+ if (virNodeGetCPUMapEnsureACL(conn) < 0)
+ return -1;
+
return nodeGetCPUMap(cpumap, online, flags);
}
static int
-lxcNodeSuspendForDuration(virConnectPtr conn ATTRIBUTE_UNUSED,
+lxcNodeSuspendForDuration(virConnectPtr conn,
unsigned int target,
unsigned long long duration,
unsigned int flags)
{
+ if (virNodeSuspendForDurationEnsureACL(conn) < 0)
+ return -1;
+
return nodeSuspendForDuration(target, duration, flags);
}
--
1.8.1.4