[libvirt] [PATCH] Don't allow read only connection to use SECURE_XML
Seems to me that a read only connection shouldn't be able to dump domain xml with the SECURE flag. Attached patch blocks the attempt with an explicit error message. Thanks, Cole
On Fri, Mar 13, 2009 at 05:08:08PM -0400, Cole Robinson wrote:
Seems to me that a read only connection shouldn't be able to dump domain xml with the SECURE flag. Attached patch blocks the attempt with an explicit error message.
Agreed, good catch again ! ACK thanks, please push ! Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/
On Fri, Mar 13, 2009 at 05:08:08PM -0400, Cole Robinson wrote:
Seems to me that a read only connection shouldn't be able to dump domain xml with the SECURE flag. Attached patch blocks the attempt with an explicit error message.
ACK, seems like a reasonable idea. Daniel
diff --git a/src/libvirt.c b/src/libvirt.c index bf3453a..6e73cff 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -2619,6 +2619,12 @@ virDomainGetXMLDesc(virDomainPtr domain, int flags)
conn = domain->conn;
+ if ((conn->flags & VIR_CONNECT_RO) && (flags & VIR_DOMAIN_XML_SECURE)) { + virLibConnError(conn, VIR_ERR_OPERATION_DENIED, + _("%s with secure flag"), __FUNCTION__); + goto error; + } + if (conn->driver->domainDumpXML) { char *ret; ret = conn->driver->domainDumpXML (domain, flags);
-- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
-- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
participants (3)
-
Cole Robinson -
Daniel P. Berrange -
Daniel Veillard