On 08/18/2013 01:19 AM, Osier Yang wrote:
+ + if (!VIR_IS_CONNECTED_DOMAIN(dom)) { + virLibDomainError(VIR_ERR_INVALID_DOMAIN, __FUNCTION__); + goto error; + } + I wonder if we need to add a check for VIR_CONNECT_RO in this method. Not sure whether is a good idea to expose the list of IP addrs to an unprivileged client or not.
All the API does is reading, no writing action is involved. So no RO checking is needed. Any problem of the unpriviledge client gets IP addrs of its own guests?
I also don't see a reason to add VIR_CONNECT_RO - UNLESS the way we populate IP addresses is by asking the guest agent [hmm - @flags probably ought to have multiple values, based on WHICH method is used for querying IP addresses (a guest agent, vs. management of the dhcp server, vs. traffic snooping) - and if a guest agent is involved, then that particular use case must forbid read-only connections (we already decided that any interaction with an untrusted guest-agent must be limited to read-write connections to avoid problems). -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org