mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-25 14:05:18 +00:00
Add ACL checks into the libxl driver
Insert calls to the ACL checking APIs in all libxl driver entrypoints. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
parent
cffe870c24
commit
f5e007c353
@ -1042,9 +1042,11 @@ noinst_LTLIBRARIES += libvirt_driver_libxl.la
|
|||||||
#libvirt_la_BUILT_LIBADD += libvirt_driver_libxl.la
|
#libvirt_la_BUILT_LIBADD += libvirt_driver_libxl.la
|
||||||
endif
|
endif
|
||||||
|
|
||||||
libvirt_driver_libxl_impl_la_CFLAGS = $(LIBXL_CFLAGS) \
|
libvirt_driver_libxl_impl_la_CFLAGS = \
|
||||||
-I$(top_srcdir)/src/conf \
|
$(LIBXL_CFLAGS) \
|
||||||
-I$(top_srcdir)/src/xenxs \
|
-I$(top_srcdir)/src/access \
|
||||||
|
-I$(top_srcdir)/src/conf \
|
||||||
|
-I$(top_srcdir)/src/xenxs \
|
||||||
$(AM_CFLAGS)
|
$(AM_CFLAGS)
|
||||||
libvirt_driver_libxl_impl_la_LDFLAGS = $(AM_LDFLAGS)
|
libvirt_driver_libxl_impl_la_LDFLAGS = $(AM_LDFLAGS)
|
||||||
libvirt_driver_libxl_impl_la_LIBADD = $(LIBXL_LIBS) libvirt_xenxs.la
|
libvirt_driver_libxl_impl_la_LIBADD = $(LIBXL_LIBS) libvirt_xenxs.la
|
||||||
|
@ -47,6 +47,7 @@
|
|||||||
#include "viruri.h"
|
#include "viruri.h"
|
||||||
#include "virstring.h"
|
#include "virstring.h"
|
||||||
#include "virsysinfo.h"
|
#include "virsysinfo.h"
|
||||||
|
#include "viraccessapicheck.h"
|
||||||
|
|
||||||
#define VIR_FROM_THIS VIR_FROM_LIBXL
|
#define VIR_FROM_THIS VIR_FROM_LIBXL
|
||||||
|
|
||||||
@ -1446,6 +1447,9 @@ libxlConnectOpen(virConnectPtr conn,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virConnectOpenEnsureACL(conn) < 0)
|
||||||
|
return VIR_DRV_OPEN_ERROR;
|
||||||
|
|
||||||
conn->privateData = libxl_driver;
|
conn->privateData = libxl_driver;
|
||||||
|
|
||||||
return VIR_DRV_OPEN_SUCCESS;
|
return VIR_DRV_OPEN_SUCCESS;
|
||||||
@ -1459,8 +1463,11 @@ libxlConnectClose(virConnectPtr conn ATTRIBUTE_UNUSED)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static const char *
|
static const char *
|
||||||
libxlConnectGetType(virConnectPtr conn ATTRIBUTE_UNUSED)
|
libxlConnectGetType(virConnectPtr conn)
|
||||||
{
|
{
|
||||||
|
if (virConnectGetTypeEnsureACL(conn) < 0)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
return "Xen";
|
return "Xen";
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1469,6 +1476,9 @@ libxlConnectGetVersion(virConnectPtr conn, unsigned long *version)
|
|||||||
{
|
{
|
||||||
libxlDriverPrivatePtr driver = conn->privateData;
|
libxlDriverPrivatePtr driver = conn->privateData;
|
||||||
|
|
||||||
|
if (virConnectGetVersionEnsureACL(conn) < 0)
|
||||||
|
return 0;
|
||||||
|
|
||||||
libxlDriverLock(driver);
|
libxlDriverLock(driver);
|
||||||
*version = driver->version;
|
*version = driver->version;
|
||||||
libxlDriverUnlock(driver);
|
libxlDriverUnlock(driver);
|
||||||
@ -1476,8 +1486,11 @@ libxlConnectGetVersion(virConnectPtr conn, unsigned long *version)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static char *libxlConnectGetHostname(virConnectPtr conn ATTRIBUTE_UNUSED)
|
static char *libxlConnectGetHostname(virConnectPtr conn)
|
||||||
{
|
{
|
||||||
|
if (virConnectGetHostnameEnsureACL(conn) < 0)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
return virGetHostname();
|
return virGetHostname();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1489,6 +1502,9 @@ libxlConnectGetSysinfo(virConnectPtr conn, unsigned int flags)
|
|||||||
|
|
||||||
virCheckFlags(0, NULL);
|
virCheckFlags(0, NULL);
|
||||||
|
|
||||||
|
if (virConnectGetSysinfoEnsureACL(conn) < 0)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
if (!driver->hostsysinfo) {
|
if (!driver->hostsysinfo) {
|
||||||
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
||||||
_("Host SMBIOS information is not available"));
|
_("Host SMBIOS information is not available"));
|
||||||
@ -1510,6 +1526,9 @@ libxlConnectGetMaxVcpus(virConnectPtr conn, const char *type ATTRIBUTE_UNUSED)
|
|||||||
int ret;
|
int ret;
|
||||||
libxlDriverPrivatePtr driver = conn->privateData;
|
libxlDriverPrivatePtr driver = conn->privateData;
|
||||||
|
|
||||||
|
if (virConnectGetMaxVcpusEnsureACL(conn) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
ret = libxl_get_max_cpus(driver->ctx);
|
ret = libxl_get_max_cpus(driver->ctx);
|
||||||
/* libxl_get_max_cpus() will return 0 if there were any failures,
|
/* libxl_get_max_cpus() will return 0 if there were any failures,
|
||||||
e.g. xc_physinfo() failing */
|
e.g. xc_physinfo() failing */
|
||||||
@ -1522,6 +1541,9 @@ libxlConnectGetMaxVcpus(virConnectPtr conn, const char *type ATTRIBUTE_UNUSED)
|
|||||||
static int
|
static int
|
||||||
libxlNodeGetInfo(virConnectPtr conn, virNodeInfoPtr info)
|
libxlNodeGetInfo(virConnectPtr conn, virNodeInfoPtr info)
|
||||||
{
|
{
|
||||||
|
if (virNodeGetInfoEnsureACL(conn) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
return libxlDoNodeGetInfo(conn->privateData, info);
|
return libxlDoNodeGetInfo(conn->privateData, info);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1531,6 +1553,9 @@ libxlConnectGetCapabilities(virConnectPtr conn)
|
|||||||
libxlDriverPrivatePtr driver = conn->privateData;
|
libxlDriverPrivatePtr driver = conn->privateData;
|
||||||
char *xml;
|
char *xml;
|
||||||
|
|
||||||
|
if (virConnectGetCapabilitiesEnsureACL(conn) < 0)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
libxlDriverLock(driver);
|
libxlDriverLock(driver);
|
||||||
if ((xml = virCapabilitiesFormatXML(driver->caps)) == NULL)
|
if ((xml = virCapabilitiesFormatXML(driver->caps)) == NULL)
|
||||||
virReportOOMError();
|
virReportOOMError();
|
||||||
@ -1545,6 +1570,9 @@ libxlConnectListDomains(virConnectPtr conn, int *ids, int nids)
|
|||||||
libxlDriverPrivatePtr driver = conn->privateData;
|
libxlDriverPrivatePtr driver = conn->privateData;
|
||||||
int n;
|
int n;
|
||||||
|
|
||||||
|
if (virConnectListDomainsEnsureACL(conn) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
libxlDriverLock(driver);
|
libxlDriverLock(driver);
|
||||||
n = virDomainObjListGetActiveIDs(driver->domains, ids, nids);
|
n = virDomainObjListGetActiveIDs(driver->domains, ids, nids);
|
||||||
libxlDriverUnlock(driver);
|
libxlDriverUnlock(driver);
|
||||||
@ -1558,6 +1586,9 @@ libxlConnectNumOfDomains(virConnectPtr conn)
|
|||||||
libxlDriverPrivatePtr driver = conn->privateData;
|
libxlDriverPrivatePtr driver = conn->privateData;
|
||||||
int n;
|
int n;
|
||||||
|
|
||||||
|
if (virConnectNumOfDomainsEnsureACL(conn) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
libxlDriverLock(driver);
|
libxlDriverLock(driver);
|
||||||
n = virDomainObjListNumOfDomains(driver->domains, 1);
|
n = virDomainObjListNumOfDomains(driver->domains, 1);
|
||||||
libxlDriverUnlock(driver);
|
libxlDriverUnlock(driver);
|
||||||
@ -1582,6 +1613,9 @@ libxlDomainCreateXML(virConnectPtr conn, const char *xml,
|
|||||||
VIR_DOMAIN_XML_INACTIVE)))
|
VIR_DOMAIN_XML_INACTIVE)))
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
|
if (virDomainCreateXMLEnsureACL(conn, def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (!(vm = virDomainObjListAdd(driver->domains, def,
|
if (!(vm = virDomainObjListAdd(driver->domains, def,
|
||||||
driver->xmlopt,
|
driver->xmlopt,
|
||||||
VIR_DOMAIN_OBJ_LIST_ADD_CHECK_LIVE,
|
VIR_DOMAIN_OBJ_LIST_ADD_CHECK_LIVE,
|
||||||
@ -1624,6 +1658,9 @@ libxlDomainLookupByID(virConnectPtr conn, int id)
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainLookupByIDEnsureACL(conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
|
dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
|
||||||
if (dom)
|
if (dom)
|
||||||
dom->id = vm->def->id;
|
dom->id = vm->def->id;
|
||||||
@ -1650,6 +1687,9 @@ libxlDomainLookupByUUID(virConnectPtr conn, const unsigned char *uuid)
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainLookupByUUIDEnsureACL(conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
|
dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
|
||||||
if (dom)
|
if (dom)
|
||||||
dom->id = vm->def->id;
|
dom->id = vm->def->id;
|
||||||
@ -1676,6 +1716,9 @@ libxlDomainLookupByName(virConnectPtr conn, const char *name)
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainLookupByNameEnsureACL(conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
|
dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
|
||||||
if (dom)
|
if (dom)
|
||||||
dom->id = vm->def->id;
|
dom->id = vm->def->id;
|
||||||
@ -1706,6 +1749,10 @@ libxlDomainSuspend(virDomainPtr dom)
|
|||||||
_("No domain with matching uuid '%s'"), uuidstr);
|
_("No domain with matching uuid '%s'"), uuidstr);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainSuspendEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (!virDomainObjIsActive(vm)) {
|
if (!virDomainObjIsActive(vm)) {
|
||||||
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
|
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
@ -1765,6 +1812,9 @@ libxlDomainResume(virDomainPtr dom)
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainResumeEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (!virDomainObjIsActive(vm)) {
|
if (!virDomainObjIsActive(vm)) {
|
||||||
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
|
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
@ -1823,6 +1873,9 @@ libxlDomainShutdownFlags(virDomainPtr dom, unsigned int flags)
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainShutdownFlagsEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (!virDomainObjIsActive(vm)) {
|
if (!virDomainObjIsActive(vm)) {
|
||||||
virReportError(VIR_ERR_OPERATION_INVALID,
|
virReportError(VIR_ERR_OPERATION_INVALID,
|
||||||
"%s", _("Domain is not running"));
|
"%s", _("Domain is not running"));
|
||||||
@ -1876,6 +1929,9 @@ libxlDomainReboot(virDomainPtr dom, unsigned int flags)
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainRebootEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (!virDomainObjIsActive(vm)) {
|
if (!virDomainObjIsActive(vm)) {
|
||||||
virReportError(VIR_ERR_OPERATION_INVALID,
|
virReportError(VIR_ERR_OPERATION_INVALID,
|
||||||
"%s", _("Domain is not running"));
|
"%s", _("Domain is not running"));
|
||||||
@ -1919,6 +1975,9 @@ libxlDomainDestroyFlags(virDomainPtr dom,
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainDestroyFlagsEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (!virDomainObjIsActive(vm)) {
|
if (!virDomainObjIsActive(vm)) {
|
||||||
virReportError(VIR_ERR_OPERATION_INVALID,
|
virReportError(VIR_ERR_OPERATION_INVALID,
|
||||||
"%s", _("Domain is not running"));
|
"%s", _("Domain is not running"));
|
||||||
@ -1974,7 +2033,11 @@ libxlDomainGetOSType(virDomainPtr dom)
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
ignore_value(VIR_STRDUP(type, vm->def->os.type));
|
if (virDomainGetOSTypeEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
|
if (VIR_STRDUP(type, vm->def->os.type) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
if (vm)
|
if (vm)
|
||||||
@ -1997,6 +2060,10 @@ libxlDomainGetMaxMemory(virDomainPtr dom)
|
|||||||
virReportError(VIR_ERR_NO_DOMAIN, "%s", _("no domain with matching uuid"));
|
virReportError(VIR_ERR_NO_DOMAIN, "%s", _("no domain with matching uuid"));
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainGetMaxMemoryEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
ret = vm->def->mem.max_balloon;
|
ret = vm->def->mem.max_balloon;
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
@ -2029,6 +2096,9 @@ libxlDomainSetMemoryFlags(virDomainPtr dom, unsigned long newmem,
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainSetMemoryFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
isActive = virDomainObjIsActive(vm);
|
isActive = virDomainObjIsActive(vm);
|
||||||
|
|
||||||
if (flags == VIR_DOMAIN_MEM_CURRENT) {
|
if (flags == VIR_DOMAIN_MEM_CURRENT) {
|
||||||
@ -2151,6 +2221,9 @@ libxlDomainGetInfo(virDomainPtr dom, virDomainInfoPtr info)
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainGetInfoEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (!virDomainObjIsActive(vm)) {
|
if (!virDomainObjIsActive(vm)) {
|
||||||
info->cpuTime = 0;
|
info->cpuTime = 0;
|
||||||
info->memory = vm->def->mem.cur_balloon;
|
info->memory = vm->def->mem.cur_balloon;
|
||||||
@ -2198,6 +2271,9 @@ libxlDomainGetState(virDomainPtr dom,
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainGetStateEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
*state = virDomainObjGetState(vm, reason);
|
*state = virDomainObjGetState(vm, reason);
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
|
||||||
@ -2310,6 +2386,9 @@ libxlDomainSaveFlags(virDomainPtr dom, const char *to, const char *dxml,
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainSaveFlagsEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (!virDomainObjIsActive(vm)) {
|
if (!virDomainObjIsActive(vm)) {
|
||||||
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
|
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
@ -2362,6 +2441,9 @@ libxlDomainRestoreFlags(virConnectPtr conn, const char *from,
|
|||||||
if (fd < 0)
|
if (fd < 0)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
|
if (virDomainRestoreFlagsEnsureACL(conn, def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (!(vm = virDomainObjListAdd(driver->domains, def,
|
if (!(vm = virDomainObjListAdd(driver->domains, def,
|
||||||
driver->xmlopt,
|
driver->xmlopt,
|
||||||
VIR_DOMAIN_OBJ_LIST_ADD_LIVE |
|
VIR_DOMAIN_OBJ_LIST_ADD_LIVE |
|
||||||
@ -2417,6 +2499,9 @@ libxlDomainCoreDump(virDomainPtr dom, const char *to, unsigned int flags)
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainCoreDumpEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (!virDomainObjIsActive(vm)) {
|
if (!virDomainObjIsActive(vm)) {
|
||||||
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
|
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
@ -2507,6 +2592,9 @@ libxlDomainManagedSave(virDomainPtr dom, unsigned int flags)
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainManagedSaveEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (!virDomainObjIsActive(vm)) {
|
if (!virDomainObjIsActive(vm)) {
|
||||||
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
|
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
@ -2582,6 +2670,9 @@ libxlDomainHasManagedSaveImage(virDomainPtr dom, unsigned int flags)
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainHasManagedSaveImageEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
ret = vm->hasManagedSave;
|
ret = vm->hasManagedSave;
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
@ -2611,6 +2702,9 @@ libxlDomainManagedSaveRemove(virDomainPtr dom, unsigned int flags)
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainManagedSaveRemoveEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
name = libxlDomainManagedSavePath(driver, vm);
|
name = libxlDomainManagedSavePath(driver, vm);
|
||||||
if (name == NULL)
|
if (name == NULL)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
@ -2669,6 +2763,9 @@ libxlDomainSetVcpusFlags(virDomainPtr dom, unsigned int nvcpus,
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainSetVcpusFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (!virDomainObjIsActive(vm) && (flags & VIR_DOMAIN_VCPU_LIVE)) {
|
if (!virDomainObjIsActive(vm) && (flags & VIR_DOMAIN_VCPU_LIVE)) {
|
||||||
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
|
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
|
||||||
_("cannot set vcpus on an inactive domain"));
|
_("cannot set vcpus on an inactive domain"));
|
||||||
@ -2788,6 +2885,9 @@ libxlDomainGetVcpusFlags(virDomainPtr dom, unsigned int flags)
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainGetVcpusFlagsEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
active = virDomainObjIsActive(vm);
|
active = virDomainObjIsActive(vm);
|
||||||
|
|
||||||
if ((flags & (VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_CONFIG)) == 0) {
|
if ((flags & (VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_CONFIG)) == 0) {
|
||||||
@ -2845,6 +2945,9 @@ libxlDomainPinVcpu(virDomainPtr dom, unsigned int vcpu, unsigned char *cpumap,
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainPinVcpuEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (!virDomainObjIsActive(vm)) {
|
if (!virDomainObjIsActive(vm)) {
|
||||||
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
|
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
|
||||||
_("cannot pin vcpus on an inactive domain"));
|
_("cannot pin vcpus on an inactive domain"));
|
||||||
@ -2912,6 +3015,9 @@ libxlDomainGetVcpus(virDomainPtr dom, virVcpuInfoPtr info, int maxinfo,
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainGetVcpusEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (!virDomainObjIsActive(vm)) {
|
if (!virDomainObjIsActive(vm)) {
|
||||||
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
|
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
@ -2976,6 +3082,9 @@ libxlDomainGetXMLDesc(virDomainPtr dom, unsigned int flags)
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainGetXMLDescEnsureACL(dom->conn, vm->def, flags) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
ret = virDomainDefFormat(vm->def, flags);
|
ret = virDomainDefFormat(vm->def, flags);
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
@ -2997,6 +3106,9 @@ libxlConnectDomainXMLFromNative(virConnectPtr conn, const char * nativeFormat,
|
|||||||
|
|
||||||
virCheckFlags(0, NULL);
|
virCheckFlags(0, NULL);
|
||||||
|
|
||||||
|
if (virConnectDomainXMLFromNativeEnsureACL(conn) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (STRNEQ(nativeFormat, LIBXL_CONFIG_FORMAT_XM)) {
|
if (STRNEQ(nativeFormat, LIBXL_CONFIG_FORMAT_XM)) {
|
||||||
virReportError(VIR_ERR_INVALID_ARG,
|
virReportError(VIR_ERR_INVALID_ARG,
|
||||||
_("unsupported config type %s"), nativeFormat);
|
_("unsupported config type %s"), nativeFormat);
|
||||||
@ -3040,6 +3152,9 @@ libxlConnectDomainXMLToNative(virConnectPtr conn, const char * nativeFormat,
|
|||||||
|
|
||||||
virCheckFlags(0, NULL);
|
virCheckFlags(0, NULL);
|
||||||
|
|
||||||
|
if (virConnectDomainXMLToNativeEnsureACL(conn) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (STRNEQ(nativeFormat, LIBXL_CONFIG_FORMAT_XM)) {
|
if (STRNEQ(nativeFormat, LIBXL_CONFIG_FORMAT_XM)) {
|
||||||
virReportError(VIR_ERR_INVALID_ARG,
|
virReportError(VIR_ERR_INVALID_ARG,
|
||||||
_("unsupported config type %s"), nativeFormat);
|
_("unsupported config type %s"), nativeFormat);
|
||||||
@ -3083,6 +3198,9 @@ libxlConnectListDefinedDomains(virConnectPtr conn,
|
|||||||
libxlDriverPrivatePtr driver = conn->privateData;
|
libxlDriverPrivatePtr driver = conn->privateData;
|
||||||
int n;
|
int n;
|
||||||
|
|
||||||
|
if (virConnectListDefinedDomainsEnsureACL(conn) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
libxlDriverLock(driver);
|
libxlDriverLock(driver);
|
||||||
n = virDomainObjListGetInactiveNames(driver->domains, names, nnames);
|
n = virDomainObjListGetInactiveNames(driver->domains, names, nnames);
|
||||||
libxlDriverUnlock(driver);
|
libxlDriverUnlock(driver);
|
||||||
@ -3095,6 +3213,9 @@ libxlConnectNumOfDefinedDomains(virConnectPtr conn)
|
|||||||
libxlDriverPrivatePtr driver = conn->privateData;
|
libxlDriverPrivatePtr driver = conn->privateData;
|
||||||
int n;
|
int n;
|
||||||
|
|
||||||
|
if (virConnectNumOfDefinedDomainsEnsureACL(conn) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
libxlDriverLock(driver);
|
libxlDriverLock(driver);
|
||||||
n = virDomainObjListNumOfDomains(driver->domains, 0);
|
n = virDomainObjListNumOfDomains(driver->domains, 0);
|
||||||
libxlDriverUnlock(driver);
|
libxlDriverUnlock(driver);
|
||||||
@ -3122,6 +3243,9 @@ libxlDomainCreateWithFlags(virDomainPtr dom,
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainCreateWithFlagsEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (virDomainObjIsActive(vm)) {
|
if (virDomainObjIsActive(vm)) {
|
||||||
virReportError(VIR_ERR_OPERATION_INVALID,
|
virReportError(VIR_ERR_OPERATION_INVALID,
|
||||||
"%s", _("Domain is already running"));
|
"%s", _("Domain is already running"));
|
||||||
@ -3159,6 +3283,9 @@ libxlDomainDefineXML(virConnectPtr conn, const char *xml)
|
|||||||
VIR_DOMAIN_XML_INACTIVE)))
|
VIR_DOMAIN_XML_INACTIVE)))
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
|
if (virDomainDefineXMLEnsureACL(conn, def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (!(vm = virDomainObjListAdd(driver->domains, def,
|
if (!(vm = virDomainObjListAdd(driver->domains, def,
|
||||||
driver->xmlopt,
|
driver->xmlopt,
|
||||||
0,
|
0,
|
||||||
@ -3218,6 +3345,9 @@ libxlDomainUndefineFlags(virDomainPtr dom,
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainUndefineFlagsEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (!vm->persistent) {
|
if (!vm->persistent) {
|
||||||
virReportError(VIR_ERR_OPERATION_INVALID,
|
virReportError(VIR_ERR_OPERATION_INVALID,
|
||||||
"%s", _("cannot undefine transient domain"));
|
"%s", _("cannot undefine transient domain"));
|
||||||
@ -3647,6 +3777,9 @@ libxlDomainAttachDeviceFlags(virDomainPtr dom, const char *xml,
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainAttachDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (virDomainObjIsActive(vm)) {
|
if (virDomainObjIsActive(vm)) {
|
||||||
if (flags == VIR_DOMAIN_DEVICE_MODIFY_CURRENT)
|
if (flags == VIR_DOMAIN_DEVICE_MODIFY_CURRENT)
|
||||||
flags |= VIR_DOMAIN_DEVICE_MODIFY_LIVE;
|
flags |= VIR_DOMAIN_DEVICE_MODIFY_LIVE;
|
||||||
@ -3752,6 +3885,9 @@ libxlDomainDetachDeviceFlags(virDomainPtr dom, const char *xml,
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainDetachDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (virDomainObjIsActive(vm)) {
|
if (virDomainObjIsActive(vm)) {
|
||||||
if (flags == VIR_DOMAIN_DEVICE_MODIFY_CURRENT)
|
if (flags == VIR_DOMAIN_DEVICE_MODIFY_CURRENT)
|
||||||
flags |= VIR_DOMAIN_DEVICE_MODIFY_LIVE;
|
flags |= VIR_DOMAIN_DEVICE_MODIFY_LIVE;
|
||||||
@ -3857,6 +3993,9 @@ libxlDomainUpdateDeviceFlags(virDomainPtr dom, const char *xml,
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainUpdateDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (virDomainObjIsActive(vm)) {
|
if (virDomainObjIsActive(vm)) {
|
||||||
if (flags == VIR_DOMAIN_DEVICE_MODIFY_CURRENT)
|
if (flags == VIR_DOMAIN_DEVICE_MODIFY_CURRENT)
|
||||||
flags |= VIR_DOMAIN_DEVICE_MODIFY_LIVE;
|
flags |= VIR_DOMAIN_DEVICE_MODIFY_LIVE;
|
||||||
@ -3940,6 +4079,9 @@ libxlNodeGetFreeMemory(virConnectPtr conn)
|
|||||||
const libxl_version_info* ver_info;
|
const libxl_version_info* ver_info;
|
||||||
libxlDriverPrivatePtr driver = conn->privateData;
|
libxlDriverPrivatePtr driver = conn->privateData;
|
||||||
|
|
||||||
|
if (virNodeGetFreeMemoryEnsureACL(conn) < 0)
|
||||||
|
return 0;
|
||||||
|
|
||||||
if (libxl_get_physinfo(driver->ctx, &phy_info)) {
|
if (libxl_get_physinfo(driver->ctx, &phy_info)) {
|
||||||
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
||||||
_("libxl_get_physinfo_info failed"));
|
_("libxl_get_physinfo_info failed"));
|
||||||
@ -3963,6 +4105,9 @@ libxlConnectDomainEventRegister(virConnectPtr conn,
|
|||||||
libxlDriverPrivatePtr driver = conn->privateData;
|
libxlDriverPrivatePtr driver = conn->privateData;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
|
if (virConnectDomainEventRegisterEnsureACL(conn) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
libxlDriverLock(driver);
|
libxlDriverLock(driver);
|
||||||
ret = virDomainEventStateRegister(conn,
|
ret = virDomainEventStateRegister(conn,
|
||||||
driver->domainEventState,
|
driver->domainEventState,
|
||||||
@ -3980,6 +4125,9 @@ libxlConnectDomainEventDeregister(virConnectPtr conn,
|
|||||||
libxlDriverPrivatePtr driver = conn->privateData;
|
libxlDriverPrivatePtr driver = conn->privateData;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
|
if (virConnectDomainEventDeregisterEnsureACL(conn) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
libxlDriverLock(driver);
|
libxlDriverLock(driver);
|
||||||
ret = virDomainEventStateDeregister(conn,
|
ret = virDomainEventStateDeregister(conn,
|
||||||
driver->domainEventState,
|
driver->domainEventState,
|
||||||
@ -4008,6 +4156,9 @@ libxlDomainGetAutostart(virDomainPtr dom, int *autostart)
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainGetAutostartEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
*autostart = vm->autostart;
|
*autostart = vm->autostart;
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
|
||||||
@ -4036,6 +4187,9 @@ libxlDomainSetAutostart(virDomainPtr dom, int autostart)
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainSetAutostartEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (!vm->persistent) {
|
if (!vm->persistent) {
|
||||||
virReportError(VIR_ERR_OPERATION_INVALID,
|
virReportError(VIR_ERR_OPERATION_INVALID,
|
||||||
"%s", _("cannot set autostart for transient domain"));
|
"%s", _("cannot set autostart for transient domain"));
|
||||||
@ -4105,6 +4259,9 @@ libxlDomainGetSchedulerType(virDomainPtr dom, int *nparams)
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainGetSchedulerTypeEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (!virDomainObjIsActive(vm)) {
|
if (!virDomainObjIsActive(vm)) {
|
||||||
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
|
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
@ -4170,6 +4327,9 @@ libxlDomainGetSchedulerParametersFlags(virDomainPtr dom,
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainGetSchedulerParametersFlagsEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (!virDomainObjIsActive(vm)) {
|
if (!virDomainObjIsActive(vm)) {
|
||||||
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
|
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
|
||||||
_("Domain is not running"));
|
_("Domain is not running"));
|
||||||
@ -4252,6 +4412,9 @@ libxlDomainSetSchedulerParametersFlags(virDomainPtr dom,
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainSetSchedulerParametersFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (!virDomainObjIsActive(vm)) {
|
if (!virDomainObjIsActive(vm)) {
|
||||||
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
|
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
@ -4320,6 +4483,10 @@ libxlDomainIsActive(virDomainPtr dom)
|
|||||||
virReportError(VIR_ERR_NO_DOMAIN, NULL);
|
virReportError(VIR_ERR_NO_DOMAIN, NULL);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainIsActiveEnsureACL(dom->conn, obj->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
ret = virDomainObjIsActive(obj);
|
ret = virDomainObjIsActive(obj);
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
@ -4342,6 +4509,10 @@ libxlDomainIsPersistent(virDomainPtr dom)
|
|||||||
virReportError(VIR_ERR_NO_DOMAIN, NULL);
|
virReportError(VIR_ERR_NO_DOMAIN, NULL);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainIsPersistentEnsureACL(dom->conn, obj->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
ret = obj->persistent;
|
ret = obj->persistent;
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
@ -4364,6 +4535,10 @@ libxlDomainIsUpdated(virDomainPtr dom)
|
|||||||
virReportError(VIR_ERR_NO_DOMAIN, NULL);
|
virReportError(VIR_ERR_NO_DOMAIN, NULL);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virDomainIsUpdatedEnsureACL(dom->conn, vm->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
ret = vm->updated;
|
ret = vm->updated;
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
@ -4380,6 +4555,9 @@ libxlConnectDomainEventRegisterAny(virConnectPtr conn, virDomainPtr dom, int eve
|
|||||||
libxlDriverPrivatePtr driver = conn->privateData;
|
libxlDriverPrivatePtr driver = conn->privateData;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
|
if (virConnectDomainEventRegisterAnyEnsureACL(conn) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
libxlDriverLock(driver);
|
libxlDriverLock(driver);
|
||||||
if (virDomainEventStateRegisterID(conn,
|
if (virDomainEventStateRegisterID(conn,
|
||||||
driver->domainEventState,
|
driver->domainEventState,
|
||||||
@ -4398,6 +4576,9 @@ libxlConnectDomainEventDeregisterAny(virConnectPtr conn, int callbackID)
|
|||||||
libxlDriverPrivatePtr driver = conn->privateData;
|
libxlDriverPrivatePtr driver = conn->privateData;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
|
if (virConnectDomainEventDeregisterAnyEnsureACL(conn) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
libxlDriverLock(driver);
|
libxlDriverLock(driver);
|
||||||
ret = virDomainEventStateDeregisterID(conn,
|
ret = virDomainEventStateDeregisterID(conn,
|
||||||
driver->domainEventState,
|
driver->domainEventState,
|
||||||
@ -4424,6 +4605,9 @@ libxlConnectListAllDomains(virConnectPtr conn,
|
|||||||
|
|
||||||
virCheckFlags(VIR_CONNECT_LIST_DOMAINS_FILTERS_ALL, -1);
|
virCheckFlags(VIR_CONNECT_LIST_DOMAINS_FILTERS_ALL, -1);
|
||||||
|
|
||||||
|
if (virConnectListAllDomainsEnsureACL(conn) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
libxlDriverLock(driver);
|
libxlDriverLock(driver);
|
||||||
ret = virDomainObjListExport(driver->domains, conn, domains, flags);
|
ret = virDomainObjListExport(driver->domains, conn, domains, flags);
|
||||||
libxlDriverUnlock(driver);
|
libxlDriverUnlock(driver);
|
||||||
|
Loading…
x
Reference in New Issue
Block a user