On Tue, Aug 08, 2017 at 13:32:51 +0530, Kothapally Madhu Pavan wrote:
This commit adds qemu driver implementation to get xml description for managed save state domain.
Signed-off-by: Kothapally Madhu Pavan <kmp@linux.vnet.ibm.com> --- src/qemu/qemu_driver.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index b3f65f4..ec73dc1 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -6797,6 +6797,51 @@ qemuDomainSaveImageDefineXML(virConnectPtr conn, const char *path, return ret; }
+static char * +qemuDomainManagedSaveGetXMLDesc(virDomainPtr dom, unsigned int flags) +{ + virQEMUDriverPtr driver = dom->conn->privateData; + virDomainObjPtr vm; + char *path = NULL; + char *ret = NULL; + virDomainDefPtr def = NULL; + int fd = -1; + virQEMUSaveDataPtr data = NULL; + + /* We only take subset of virDomainDefFormat flags. */ + virCheckFlags(VIR_DOMAIN_XML_SECURE, NULL); + + if (!(vm = qemuDomObjFromDomain(dom))) + return ret; + + path = qemuDomainManagedSavePath(driver, vm); + + if (!path) + goto cleanup; + + if (!virFileExists(path)) { + virReportError(VIR_ERR_OPERATION_INVALID, + "%s",_("domain does not have managed save image")); + goto cleanup; + } + + fd = qemuDomainSaveImageOpen(driver, path, &def, &data, + false, NULL, false, false); + if (fd < 0) + goto cleanup; + if (virDomainManagedSaveGetXMLDescEnsureACL(dom->conn, def, flags) < 0) + goto cleanup;
Since you have the 'vm' object at the beginning, I think the ACL check should be done right away with vm->def in this case. The ACL check should only need the name and UUID from the definition and thus can be run earlier. This will mitigate a possible side channel, where we'd return 'domain does not have managed save image' instead of the "access denied" message. I'll do this adjustment locally along with others pointed out. I might finish this until the freeze tomorrow.