The interlocking with snapshots is executed prior to the ACL check so if a VM has snapshots invoking the checkpoint API may leak it's existance. Introduced with the qemuDomainCheckpointCreateXML API implementation in commit 5f4e0796503. Signed-off-by: Peter Krempa <pkrempa(a)redhat.com&gt; --- Split out from the checkpoint refactor series as I didn't notice this one originally. src/qemu/qemu_driver.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index d5f5fd6990..3b2eb30606 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -17283,18 +17283,18 @@ qemuDomainCheckpointCreateXML(virDomainPtr domain, if (!(vm = qemuDomObjFromDomain(domain))) goto cleanup; - if (virDomainSnapshotObjListNum(vm->snapshots, NULL, 0) > 0) { - virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", - _("cannot create checkpoint while snapshot exists")); - goto cleanup; - } - priv = vm->privateData; cfg = virQEMUDriverGetConfig(driver); if (virDomainCheckpointCreateXMLEnsureACL(domain->conn, vm->def, flags) < 0) goto cleanup; + if (virDomainSnapshotObjListNum(vm->snapshots, NULL, 0) > 0) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("cannot create checkpoint while snapshot exists")); + goto cleanup; + } + if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_BITMAP_MERGE)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("qemu binary lacks persistent bitmaps support")); -- 2.21.0