On 11/20/14, 14:17 , "Eric Blake" <eblake(a)redhat.com> wrote:
On 11/20/2014 05:33 AM, Michal Privoznik wrote:
>> I'm also hoping someone else (eblake?) can look at the remote_protocol.x
>> changes to ensure they encompass everything they are supposed to. Also
>> that the usage of QEMU_JOB_QUERY not _MODIFY for the GetFSInfo seems
>> more appropriate and is in line with the various remote_protocol.x
>> settings (@acl/@generate stuff settings).
>
>
> @generate is correct, since both client and server implementations are
> provided.
> @acl looks consistent to the rest. Correct, for querying domain info you
> need to have read permission and that's it.
Oh, wait. This is an interaction with the guest agent. We have already
stated that ANY action that requires guest cooperation MUST require more
than plain domain:read privileges (for example, creating a snapshot
requires domain:fs_freeze if the quiesce flag is present; using
virDomainShutdownFlags requires domain:write if the guest agent is
involved).
Since the main use of this API is to query the list of mountpoints that
then feed virDomainFSFreeze, I think this should be @acl
domain:fs_freeze, rather than domain:read. Even if it is a read-only
operation, it makes more sense to treat this command as a family where a
user is either given rights for all related freeze APIs or none of them.

OK, I'll change this to '@acl domain:fs_freeze' and
use QEMU_JOB_QUERY because this interacts with qemu-guest-agent.
--
Tomoki Sekiyama