[libvirt] [PATCH v2 0/2] Couple of RO/RW connection fixes
diff to v1: - After some discussion with Daniel, allow virDomainInterfaceAddresses on RO only if it does not end up talking to guest agent. - Also fix virDomainGetTime Michal Privoznik (2): virDomainInterfaceAddresses: Allow API on RO connection too virDomainGetTime: Deny on RO connections src/libvirt-domain.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -- 2.4.10
This API does not change domain state. However, we have a policy that an API talking to a guest agent requires RW access. But that happens only if source == VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/libvirt-domain.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c index 677a9ad..02fc4df 100644 --- a/src/libvirt-domain.c +++ b/src/libvirt-domain.c @@ -11546,7 +11546,8 @@ virDomainInterfaceAddresses(virDomainPtr dom, *ifaces = NULL; virCheckDomainReturn(dom, -1); virCheckNonNullArgGoto(ifaces, error); - virCheckReadOnlyGoto(dom->conn->flags, error); + if (source == VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT) + virCheckReadOnlyGoto(dom->conn->flags, error); if (dom->conn->driver->domainInterfaceAddresses) { int ret; -- 2.4.10
On Mon, Jan 11, 2016 at 01:38:13PM +0100, Michal Privoznik wrote:
This API does not change domain state. However, we have a policy that an API talking to a guest agent requires RW access. But that happens only if source == VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/libvirt-domain.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c index 677a9ad..02fc4df 100644 --- a/src/libvirt-domain.c +++ b/src/libvirt-domain.c @@ -11546,7 +11546,8 @@ virDomainInterfaceAddresses(virDomainPtr dom, *ifaces = NULL; virCheckDomainReturn(dom, -1); virCheckNonNullArgGoto(ifaces, error); - virCheckReadOnlyGoto(dom->conn->flags, error); + if (source == VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT) + virCheckReadOnlyGoto(dom->conn->flags, error);
if (dom->conn->driver->domainInterfaceAddresses) { int ret;
ACK Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
We have a policy that if API may end up talking to a guest agent it should require RW connection. We don't obey the rule in virDomainGetTime(). Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/libvirt-domain.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c index 02fc4df..9491845 100644 --- a/src/libvirt-domain.c +++ b/src/libvirt-domain.c @@ -10934,6 +10934,7 @@ virDomainGetTime(virDomainPtr dom, virResetLastError(); virCheckDomainReturn(dom, -1); + virCheckReadOnlyGoto(dom->conn->flags, error); if (dom->conn->driver->domainGetTime) { int ret = dom->conn->driver->domainGetTime(dom, seconds, -- 2.4.10
On Mon, Jan 11, 2016 at 01:38:14PM +0100, Michal Privoznik wrote:
We have a policy that if API may end up talking to a guest agent it should require RW connection. We don't obey the rule in virDomainGetTime().
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/libvirt-domain.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c index 02fc4df..9491845 100644 --- a/src/libvirt-domain.c +++ b/src/libvirt-domain.c @@ -10934,6 +10934,7 @@ virDomainGetTime(virDomainPtr dom, virResetLastError();
virCheckDomainReturn(dom, -1); + virCheckReadOnlyGoto(dom->conn->flags, error);
if (dom->conn->driver->domainGetTime) { int ret = dom->conn->driver->domainGetTime(dom, seconds,
ACK Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
participants (2)
-
Daniel P. Berrange -
Michal Privoznik