Re: [libvirt] [PATCHv2 1/5] domifaddr: Implement the public API
On 08/18/2013 01:19 AM, Osier Yang wrote:
>> +
>> + if (!VIR_IS_CONNECTED_DOMAIN(dom)) {
>> + virLibDomainError(VIR_ERR_INVALID_DOMAIN, __FUNCTION__);
>> + goto error;
>> + }
>> +
> I wonder if we need to add a check for VIR_CONNECT_RO in this method.
> Not sure whether is a good idea to expose the list of IP addrs to an
> unprivileged client or not.
All the API does is reading, no writing action is involved. So no RO
checking is needed. Any problem of the unpriviledge client gets
IP addrs of its own guests?
I also don't see a reason to add VIR_CONNECT_RO - UNLESS the way we
populate IP addresses is by asking the guest agent [hmm - @flags
probably ought to have multiple values, based on WHICH method is used
for querying IP addresses (a guest agent, vs. management of the dhcp
server, vs. traffic snooping) - and if a guest agent is involved, then
that particular use case must forbid read-only connections (we already
decided that any interaction with an untrusted guest-agent must be
limited to read-write connections to avoid problems).
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 621 bytes)