[libvirt] [PATCH v5 09/20] backup: Implement backup APIs for remote driver

Eric Blake eblake at redhat.com
Wed Mar 27 03:49:58 UTC 2019 

On 3/6/19 11:47 PM, Eric Blake wrote:
> The remote code generator had to be taught about the new
> virDomainCheckpointPtr type, at which point the remote driver
> code for backups can be generated.
> 
> Signed-off-by: Eric Blake <eblake at redhat.com>
> ---

Question for Dan:

> +   /**
> +     * @generate: both
> +     * @acl: domain:checkpoint
> +     */
> +    REMOTE_PROC_DOMAIN_CHECKPOINT_CREATE_XML = 404,

Patch 8/20 created a new domain:checkpoint access category, which works
well here...


> +
> +    /**
> +     * @generate: both
> +     * @acl: domain:checkpoint
> +     * @acl: domain:block_read

This one should be block_write, not block_read, because it is copying
out guest data (which could be a security consideration); basically, the
same as virDomainBlockCopy.

> +     */
> +    REMOTE_PROC_DOMAIN_BACKUP_BEGIN = 415,

...my question is whether it is possible to make the domain:checkpoint
permission be conditional on whether the checkpointXml argument was
supplied. It's unlikely that someone with domain:block_write to copy
disks won't also have domain:checkpoint, but if they aren't creating a
checkpoint, it would be nicer to not require that access right.  Is the
only way to do that by having libvirt declare a flag which gets set any
time checkpointXml is non-NULL, so that we can then do
domain:checkpoint:FLAG_NAME? (This would be an unusual case where
libvirt would set the flag on the user's behalf, and where the flag
exists more for the ACL checking than for something inherent to what the
user has to tell the driver).  The same question applies to my proposed
virDomainSnapshotCreateXML2 (there, it would be domain:snapshot instead
of domain:block_write as the unconditional permission, but a conditional
permission on domain:checkpoint when checkpointXml is non-NULL would be
nice to figure out).

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20190326/248150db/attachment-0001.sig>

More information about the libvir-list mailing list