[libvirt] [PATCH] Don't allow read only connection to use SECURE_XML - Devel - Libvirt List Archives

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

December

[libvirt] [PATCH] Don't allow read only connection to use SECURE_XML

[libvirt] The gui should drop the...

[libvirt] [PATCH] Fix test driver...

Cole Robinson

Friday, 13 March 2009 Fri, 13 Mar '09

4:08 p.m.

Seems to me that a read only connection shouldn't be able to dump domain xml with the SECURE flag. Attached patch blocks the attempt with an explicit error message. Thanks, Cole

Attachments:

libvirt-ro-secure-xml.patch (text/x-patch — 569 bytes)

Reply

Show replies by date

Daniel Veillard

Saturday, 14 March Sat, 14 Mar

4:38 a.m.

On Fri, Mar 13, 2009 at 05:08:08PM -0400, Cole Robinson wrote:

Seems to me that a read only connection shouldn't be able to dump domain xml with the SECURE flag. Attached patch blocks the attempt with an explicit error message.

Agreed, good catch again ! ACK thanks, please push ! Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/

Reply

Daniel P. Berrange

Monday, 16 March Mon, 16 Mar

4:40 a.m.

On Fri, Mar 13, 2009 at 05:08:08PM -0400, Cole Robinson wrote:

Seems to me that a read only connection shouldn't be able to dump domain xml with the SECURE flag. Attached patch blocks the attempt with an explicit error message.

ACK, seems like a reasonable idea. Daniel

diff --git a/src/libvirt.c b/src/libvirt.c index bf3453a..6e73cff 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -2619,6 +2619,12 @@ virDomainGetXMLDesc(virDomainPtr domain, int flags) conn = domain->conn; + if ((conn->flags & VIR_CONNECT_RO) && (flags & VIR_DOMAIN_XML_SECURE)) { + virLibConnError(conn, VIR_ERR_OPERATION_DENIED, + _("%s with secure flag"), __FUNCTION__); + goto error; + } + if (conn->driver->domainDumpXML) { char *ret; ret = conn->driver->domainDumpXML (domain, flags);

-- Libvir-list mailing list Libvir-list(a)redhat.com https://www.redhat.com/mailman/listinfo/libvir-list

-- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

Reply

Cole Robinson

12:22 p.m.

Cole Robinson wrote:

Seems to me that a read only connection shouldn't be able to dump domain xml with the SECURE flag. Attached patch blocks the attempt with an explicit error message.

Applied now. Thanks, Cole

Reply

5732

days inactive

5735

days old

devel@lists.libvirt.org

Manage subscription

3 comments

3 participants

tags (0)

participants (3)

Cole Robinson
Daniel P. Berrange
Daniel Veillard