On 07/23/2012 12:51 PM, Martin Kletzander wrote:
The 'domdisplay' command didn't properly evaluate '--include-password' option. --- tools/virsh.c | 35 +++++++++++++++++++++++------------ 1 files changed, 23 insertions(+), 12 deletions(-)
In addition to Doug's review...
- doc = virDomainGetXMLDesc(dom, 0); + if (!vshCommandOptBool(cmd, "include-password")) + doc = virDomainGetXMLDesc(dom, 0); + else { + if (ctl->conn->flags & VIR_DOMAIN_XML_SECURE) { + vshError(ctl, _("Cannot get password with read-only connection")); + goto cleanup; + }
We shouldn't have to do this filtering here. Just attempt the access always (when the options say to); it (better) fail at the driver level if the connection was read-only, for less work here in virsh, and so that we can actually validate that the security checking is being done at the driver level. -- Eric Blake eblake@redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org