[libvirt] [PATCH v7 12/23] backup: Add new domain:checkpoint access control
Eric Blake
eblake at redhat.com
Wed Mar 27 10:10:43 UTC 2019
Creating a checkpoint does not modify guest-visible state,
but does modify host resources. Rather than reuse existing
domain:write, domain:block_write, or domain:snapshot access
controls, it seems better to introduce a new access control
specific to tasks related to checkpoints and incremental
backups of guest disk state.
Signed-off-by: Eric Blake <eblake at redhat.com>
---
src/access/viraccessperm.h | 8 +++++++-
src/access/viraccessperm.c | 5 +++--
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/access/viraccessperm.h b/src/access/viraccessperm.h
index ce3865b359..509d3e327a 100644
--- a/src/access/viraccessperm.h
+++ b/src/access/viraccessperm.h
@@ -1,7 +1,7 @@
/*
* viraccessperm.h: access control permissions
*
- * Copyright (C) 2012-2014 Red Hat, Inc.
+ * Copyright (C) 2012-2019 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -186,6 +186,12 @@ typedef enum {
*/
VIR_ACCESS_PERM_DOMAIN_MIGRATE, /* Host migration */
+ /**
+ * @desc: Checkpoint domain
+ * @message: Checkpointing domain requires authorization
+ */
+ VIR_ACCESS_PERM_DOMAIN_CHECKPOINT, /* Checkpoint disks */
+
/**
* @desc: Snapshot domain
* @message: Snapshotting domain requires authorization
diff --git a/src/access/viraccessperm.c b/src/access/viraccessperm.c
index 67f751ef9c..c1c40ac5bd 100644
--- a/src/access/viraccessperm.c
+++ b/src/access/viraccessperm.c
@@ -1,7 +1,7 @@
/*
* viraccessperm.c: access control permissions
*
- * Copyright (C) 2012-2014 Red Hat, Inc.
+ * Copyright (C) 2012-2018 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -39,7 +39,8 @@ VIR_ENUM_IMPL(virAccessPermDomain,
"getattr", "read", "write", "read_secure",
"start", "stop", "reset",
"save", "delete",
- "migrate", "snapshot", "suspend", "hibernate", "core_dump", "pm_control",
+ "migrate", "checkpoint", "snapshot", "suspend", "hibernate",
+ "core_dump", "pm_control",
"init_control", "inject_nmi", "send_input", "send_signal",
"fs_trim", "fs_freeze",
"block_read", "block_write", "mem_read",
--
2.20.1
More information about the libvir-list
mailing list