[libvirt PATCH] remote: don't allow dirty rate API with read permission
This API interacts with the hypervisor and makes changes to its behaviour, so must be protected by the write permission. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/remote_protocol.x | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x index 7fdc65f029..743c21b316 100644 --- a/src/remote/remote_protocol.x +++ b/src/remote/remote_protocol.x @@ -6743,7 +6743,7 @@ enum remote_procedure { /** * @generate: both - * @acl: domain:read + * @acl: domain:write */ REMOTE_PROC_DOMAIN_START_DIRTY_RATE_CALC = 427 }; -- 2.30.2
On a Monday in 2021, Daniel P. Berrangé wrote:
This API interacts with the hypervisor and makes changes to its behaviour, so must be protected by the write permission.
Should qemuDomainStartDirtyRateCalc then take a different job than QEMU_JOB_QUERY?
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/remote_protocol.x | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x index 7fdc65f029..743c21b316 100644 --- a/src/remote/remote_protocol.x +++ b/src/remote/remote_protocol.x @@ -6743,7 +6743,7 @@ enum remote_procedure {
/** * @generate: both - * @acl: domain:read + * @acl: domain:write */ REMOTE_PROC_DOMAIN_START_DIRTY_RATE_CALC = 427 };
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano
On 3/29/21 12:59 PM, Ján Tomko wrote:
On a Monday in 2021, Daniel P. Berrangé wrote:
This API interacts with the hypervisor and makes changes to its behaviour, so must be protected by the write permission.
Should qemuDomainStartDirtyRateCalc then take a different job than QEMU_JOB_QUERY?
In the light if this patch it should. Since I was the one who merged the patch, let me post the fix. Michal
participants (3)
-
Daniel P. Berrangé -
Ján Tomko -
Michal Privoznik