[libvirt] [PATCHv2 2/6] event: server RPC protocol tweaks for domain lifecycle events
Daniel P. Berrange
berrange at redhat.com
Wed Feb 12 10:23:46 UTC 2014
On Tue, Feb 11, 2014 at 02:07:06PM -0700, Eric Blake wrote:
> On 02/11/2014 08:57 AM, Daniel P. Berrange wrote:
> > On Wed, Jan 29, 2014 at 10:49:22AM -0700, Eric Blake wrote:
> >> This patch adds some new RPC call numbers, but for ease of review,
> >> they sit idle until a later patch adds the client counterpart to
> >> drive the new RPCs. Also for ease of review, I limited this patch
>
> >
> > ACK
> >
>
> Thanks for the review.
>
> >
> >
> >> @@ -5068,5 +5085,25 @@ enum remote_procedure {
> >> * @generate: both
> >> * @acl: none
> >> */
> >> - REMOTE_PROC_NETWORK_EVENT_LIFECYCLE = 315
> >> + REMOTE_PROC_NETWORK_EVENT_LIFECYCLE = 315,
> >> +
> >> + /**
> >> + * @generate: none
> >> + * @priority: high
> >> + * @acl: none
> >> + */
> >> + REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_REGISTER_ANY = 316,
> >> +
> >> + /**
> >> + * @generate: none
> >> + * @priority: high
> >> + * @acl: none
> >> + */
> >> + REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_DEREGISTER_ANY = 317,
> >
> > I believe these ACLs need to be non-none now
>
> The way 'make -C src check-aclrules' works is by correlating all RPC
> calls back into their API names - but I'm not inventing any new API
> names. These new RPC calls are already covered by existing APIs, and
> the ACL checks performed there are already sufficient. But it turns out
> that it doesn't hurt to make these ACLs match the other register RPC
> numbers, so I'm inclined to squash this in, unless you think that
> generating unused functions in src/access/viraccessapicheck.c is not
> worth the pollution:
>
> diff --git i/src/remote/remote_protocol.x w/src/remote/remote_protocol.x
> index 982ab1f..26abcdd 100644
> --- i/src/remote/remote_protocol.x
> +++ w/src/remote/remote_protocol.x
> @@ -5090,14 +5090,15 @@ enum remote_procedure {
> /**
> * @generate: none
> * @priority: high
> - * @acl: none
> + * @acl: connect:search_domains
> + * @aclfilter: domain:getattr
> */
> REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_REGISTER_ANY = 316,
>
> /**
> * @generate: none
> * @priority: high
> - * @acl: none
> + * @acl: connect:read
> */
> REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_DEREGISTER_ANY = 317,
ACK to this - it makes it clearer i think
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list