[PATCH 1/2] access: Allow 'node-device.read' permission for anonymous users
Daniel P. Berrangé
berrange at redhat.com
Fri Feb 17 15:30:53 UTC 2023
On Fri, Feb 17, 2023 at 04:11:10PM +0100, Peter Krempa wrote:
> For all other objects we allow the 'read' permission for anonymous
> users. In fact the idea is to allow all permissions users using the
> readonly connection would have.
>
> This impacts the following APIs (in terms of RPC procedure names):
>
> $ git grep -A 3 node_device:read | grep REMOTE
> src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_GET_XML_DESC = 114,
> src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_GET_PARENT = 115,
> src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_NUM_OF_CAPS = 116,
> src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_LIST_CAPS = 117,
> src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_GET_AUTOSTART = 433,
> src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_IS_PERSISTENT = 435,
> src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_IS_ACTIVE = 436,
>
> Fixes: a93cd08f
> Signed-off-by: Peter Krempa <pkrempa at redhat.com>
> ---
> src/access/viraccessperm.h | 1 +
> 1 file changed, 1 insertion(+)
Reviewed-by: Daniel P. Berrangé <berrange at redhat.com>
>
> diff --git a/src/access/viraccessperm.h b/src/access/viraccessperm.h
> index 051246a7b6..2f04459ed9 100644
> --- a/src/access/viraccessperm.h
> +++ b/src/access/viraccessperm.h
> @@ -473,6 +473,7 @@ typedef enum {
> /**
> * @desc: Read node device
> * @message: Reading node device configuration requires authorization
> + * @anonymous: 1
> */
> VIR_ACCESS_PERM_NODE_DEVICE_READ,
>
> --
> 2.39.1
>
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvir-list
mailing list