[libvirt] [PATCHv2 2/6] event: server RPC protocol tweaks for domain lifecycle events

Eric Blake eblake at redhat.com
Tue Feb 11 21:07:06 UTC 2014


On 02/11/2014 08:57 AM, Daniel P. Berrange wrote:
> On Wed, Jan 29, 2014 at 10:49:22AM -0700, Eric Blake wrote:
>> This patch adds some new RPC call numbers, but for ease of review,
>> they sit idle until a later patch adds the client counterpart to
>> drive the new RPCs.  Also for ease of review, I limited this patch

> 
> ACK
> 

Thanks for the review.

> 
> 
>> @@ -5068,5 +5085,25 @@ enum remote_procedure {
>>       * @generate: both
>>       * @acl: none
>>       */
>> -    REMOTE_PROC_NETWORK_EVENT_LIFECYCLE = 315
>> +    REMOTE_PROC_NETWORK_EVENT_LIFECYCLE = 315,
>> +
>> +    /**
>> +     * @generate: none
>> +     * @priority: high
>> +     * @acl: none
>> +     */
>> +    REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_REGISTER_ANY = 316,
>> +
>> +    /**
>> +     * @generate: none
>> +     * @priority: high
>> +     * @acl: none
>> +     */
>> +    REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_DEREGISTER_ANY = 317,
> 
> I believe these ACLs need to be non-none now

The way 'make -C src check-aclrules' works is by correlating all RPC
calls back into their API names - but I'm not inventing any new API
names.  These new RPC calls are already covered by existing APIs, and
the ACL checks performed there are already sufficient.  But it turns out
that it doesn't hurt to make these ACLs match the other register RPC
numbers, so I'm inclined to squash this in, unless you think that
generating unused functions in src/access/viraccessapicheck.c is not
worth the pollution:

diff --git i/src/remote/remote_protocol.x w/src/remote/remote_protocol.x
index 982ab1f..26abcdd 100644
--- i/src/remote/remote_protocol.x
+++ w/src/remote/remote_protocol.x
@@ -5090,14 +5090,15 @@ enum remote_procedure {
     /**
      * @generate: none
      * @priority: high
-     * @acl: none
+     * @acl: connect:search_domains
+     * @aclfilter: domain:getattr
      */
     REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_REGISTER_ANY = 316,

     /**
      * @generate: none
      * @priority: high
-     * @acl: none
+     * @acl: connect:read
      */
     REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_DEREGISTER_ANY = 317,



-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 604 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20140211/574c3ab6/attachment-0001.sig>


More information about the libvir-list mailing list