Re: [libvirt] [PATCH] virsh: fixed domdisplay command
On 07/23/2012 12:51 PM, Martin Kletzander wrote:
The 'domdisplay' command didn't properly evaluate
'--include-password'
option.
---
tools/virsh.c | 35 +++++++++++++++++++++++------------
1 files changed, 23 insertions(+), 12 deletions(-)
In addition to Doug's review...
- doc = virDomainGetXMLDesc(dom, 0);
+ if (!vshCommandOptBool(cmd, "include-password"))
+ doc = virDomainGetXMLDesc(dom, 0);
+ else {
+ if (ctl->conn->flags & VIR_DOMAIN_XML_SECURE) {
+ vshError(ctl, _("Cannot get password with read-only
connection"));
+ goto cleanup;
+ }
We shouldn't have to do this filtering here. Just attempt the access
always (when the options say to); it (better) fail at the driver level
if the connection was read-only, for less work here in virsh, and so
that we can actually validate that the security checking is being done
at the driver level.
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 620 bytes)