[libvirt] [PATCH] virsh: fixed domdisplay command
Eric Blake
eblake at redhat.com
Mon Jul 23 19:42:43 UTC 2012
On 07/23/2012 12:51 PM, Martin Kletzander wrote:
> The 'domdisplay' command didn't properly evaluate '--include-password'
> option.
> ---
> tools/virsh.c | 35 +++++++++++++++++++++++------------
> 1 files changed, 23 insertions(+), 12 deletions(-)
In addition to Doug's review...
> - doc = virDomainGetXMLDesc(dom, 0);
> + if (!vshCommandOptBool(cmd, "include-password"))
> + doc = virDomainGetXMLDesc(dom, 0);
> + else {
> + if (ctl->conn->flags & VIR_DOMAIN_XML_SECURE) {
> + vshError(ctl, _("Cannot get password with read-only connection"));
> + goto cleanup;
> + }
We shouldn't have to do this filtering here. Just attempt the access
always (when the options say to); it (better) fail at the driver level
if the connection was read-only, for less work here in virsh, and so
that we can actually validate that the security checking is being done
at the driver level.
--
Eric Blake eblake at redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 620 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20120723/8cf08257/attachment-0001.sig>
More information about the libvir-list
mailing list