[libvirt] [PATCH 19/19] Add validation that all APIs contain ACL checks
Daniel P. Berrange
berrange at redhat.com
Mon Jun 24 14:29:47 UTC 2013
On Fri, Jun 21, 2013 at 11:17:09AM +0200, Michal Privoznik wrote:
> On 19.06.2013 19:01, Daniel P. Berrange wrote:
> > From: "Daniel P. Berrange" <berrange at redhat.com>
> >
> > Add a script which parses the driver API code and validates
> > that every API registered in a virNNNDriverPtr table contains
> > an ACL check matching the API name.
> >
> > Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> > ---
> > src/Makefile.am | 22 +++++++-
> > src/check-aclrules.pl | 144 ++++++++++++++++++++++++++++++++++++++++++++++++++
> > 2 files changed, 164 insertions(+), 2 deletions(-)
> > create mode 100644 src/check-aclrules.pl
>
> You need to update the ACL checks as I'm getting these errors:
>
> libxl/libxl_driver.c:3771 Mismatch check 'virDomainLookupByIDEnsureACL' for function 'libxlDomainCreateXML'
> libxl/libxl_driver.c:3802 Mismatch check 'virDomainLookupByUUIDEnsureACL' for function 'libxlDomainLookupByID'
> libxl/libxl_driver.c:3831 Mismatch check 'virDomainLookupByNameEnsureACL' for function 'libxlDomainLookupByUUID'
> libxl/libxl_driver.c:6775 Missing ACL check in function 'libxlDomainLookupByName' for 'domainLookupByName'
I think those are a merge error on your tree - they are all correct
in my tree.
> GEN check-augeas-lockd
> xen/xen_driver.c:113189 Mismatch check 'virDomainGetSchedulerParametersEnsureACL' for function 'xenUnifiedDomainGetSchedulerParametersFlags'
> xen/xen_driver.c:113800 Missing ACL check in function 'xenUnifiedDomainRestore' for 'domainRestore'
> xen/xen_driver.c:113801 Missing ACL check in function 'xenUnifiedDomainRestoreFlags' for 'domainRestoreFlags'
> xen/xen_driver.c:113831 Missing ACL check in function 'xenUnifiedDomainMigratePrepare' for 'domainMigratePrepare'
> xen/xen_driver.c:113841 Missing ACL check in function 'xenUnifiedNodeDeviceDettach' for 'nodeDeviceDettach'
> xen/xen_driver.c:113842 Missing ACL check in function 'xenUnifiedNodeDeviceDetachFlags' for 'nodeDeviceDetachFlags'
> xen/xen_driver.c:113844 Missing ACL check in function 'xenUnifiedNodeDeviceReset' for 'nodeDeviceReset'
> xen/xen_driver.c:113847 Missing ACL check in function 'xenUnifiedDomainIsActive' for 'domainIsActive'
> xen/xen_driver.c:113848 Missing ACL check in function 'xenUnifiedDomainIsPersistent' for 'domainIsPersistent'
> xen/xen_driver.c:113849 Missing ACL check in function 'xenUnifiedDomainIsUpdated' for 'domainIsUpdated'
> xen/xen_driver.c:113852 Missing ACL check in function 'xenUnifiedDomainOpenConsole' for 'domainOpenConsole'
These ones are expected to fail - I have some more work todo on the legacy
xen driver to make this pass.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list