#include "virtypedparam.h"
#include "viruri.h"
#include "virstring.h"
+#include "viraccessapicheck.h"
+#include "viraccessapichecklxc.h"
#define VIR_FROM_THIS VIR_FROM_LXC
}
}
+ if (virConnectOpenEnsureACL(conn) < 0)
+ return VIR_DRV_OPEN_ERROR;
+
conn->privateData = lxc_driver;
return VIR_DRV_OPEN_SUCCESS;
virLXCDriverPtr driver = conn->privateData;
char *xml;
+ if (virConnectGetCapabilitiesEnsureACL(conn) < 0)
+ return NULL;
+
lxcDriverLock(driver);
if ((xml = virCapabilitiesFormatXML(driver->caps)) == NULL)
virReportOOMError();
goto cleanup;
}
+ if (virDomainLookupByIDEnsureACL(conn, vm->def) < 0)
+ goto cleanup;
+
dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
if (dom)
dom->id = vm->def->id;
goto cleanup;
}
+ if (virDomainLookupByUUIDEnsureACL(conn, vm->def) < 0)
+ goto cleanup;
+
dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
if (dom)
dom->id = vm->def->id;
goto cleanup;
}
+ if (virDomainLookupByNameEnsureACL(conn, vm->def) < 0)
+ goto cleanup;
+
dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
if (dom)
dom->id = vm->def->id;
_("No domain with matching uuid '%s'"), uuidstr);
goto cleanup;
}
+
+ if (virDomainIsActiveEnsureACL(dom->conn, obj->def) < 0)
+ goto cleanup;
+
ret = virDomainObjIsActive(obj);
cleanup:
_("No domain with matching uuid '%s'"), uuidstr);
goto cleanup;
}
+
+ if (virDomainIsPersistentEnsureACL(dom->conn, obj->def) < 0)
+ goto cleanup;
+
ret = obj->persistent;
cleanup:
_("No domain with matching uuid '%s'"), uuidstr);
goto cleanup;
}
+
+ if (virDomainIsUpdatedEnsureACL(dom->conn, obj->def) < 0)
+ goto cleanup;
+
ret = obj->updated;
cleanup:
virLXCDriverPtr driver = conn->privateData;
int n;
+ if (virConnectListDomainsEnsureACL(conn) < 0)
+ return -1;
+
lxcDriverLock(driver);
n = virDomainObjListGetActiveIDs(driver->domains, ids, nids);
lxcDriverUnlock(driver);
virLXCDriverPtr driver = conn->privateData;
int n;
+ if (virConnectNumOfDomainsEnsureACL(conn) < 0)
+ return -1;
+
lxcDriverLock(driver);
n = virDomainObjListNumOfDomains(driver->domains, 1);
lxcDriverUnlock(driver);
virLXCDriverPtr driver = conn->privateData;
int n;
+ if (virConnectListDefinedDomainsEnsureACL(conn) < 0)
+ return -1;
+
lxcDriverLock(driver);
n = virDomainObjListGetInactiveNames(driver->domains, names, nnames);
lxcDriverUnlock(driver);
virLXCDriverPtr driver = conn->privateData;
int n;
+ if (virConnectNumOfDefinedDomainsEnsureACL(conn) < 0)
+ return -1;
+
lxcDriverLock(driver);
n = virDomainObjListNumOfDomains(driver->domains, 0);
lxcDriverUnlock(driver);
VIR_DOMAIN_XML_INACTIVE)))
goto cleanup;
+ if (virDomainDefineXMLEnsureACL(conn, def) < 0)
+ goto cleanup;
+
if (virSecurityManagerVerify(driver->securityManager, def) < 0)
goto cleanup;
goto cleanup;
}
+ if (virDomainUndefineFlagsEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!vm->persistent) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("Cannot undefine transient domain"));
priv = vm->privateData;
+ if (virDomainGetInfoEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
info->state = virDomainObjGetState(vm, NULL);
if (!virDomainObjIsActive(vm)) {
goto cleanup;
}
+ if (virDomainGetStateEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
*state = virDomainObjGetState(vm, reason);
ret = 0;
goto cleanup;
}
- ignore_value(VIR_STRDUP(ret, vm->def->os.type));
+ if (virDomainGetOSTypeEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
+ if (VIR_STRDUP(ret, vm->def->os.type) < 0)
+ goto cleanup;
cleanup:
if (vm)
goto cleanup;
}
+ if (virDomainGetMaxMemoryEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
ret = vm->def->mem.max_balloon;
cleanup:
goto cleanup;
}
+ if (virDomainSetMaxMemoryEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (newmax < vm->def->mem.cur_balloon) {
virReportError(VIR_ERR_INVALID_ARG,
"%s", _("Cannot set max memory lower than current memory"));
}
priv = vm->privateData;
+ if (virDomainSetMemoryEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (newmem > vm->def->mem.max_balloon) {
virReportError(VIR_ERR_INVALID_ARG,
"%s", _("Cannot set memory higher than max memory"));
}
priv = vm->privateData;
+ if (virDomainSetMemoryParametersEnsureACL(dom->conn, vm->def, flags) < 0)
+ goto cleanup;
+
ret = 0;
for (i = 0; i < nparams; i++) {
virTypedParameterPtr param = ¶ms[i];
}
priv = vm->privateData;
+ if (virDomainGetMemoryParametersEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if ((*nparams) == 0) {
/* Current number of memory parameters supported by cgroups */
*nparams = LXC_NB_MEM_PARAM;
goto cleanup;
}
+ if (virDomainGetXMLDescEnsureACL(dom->conn, vm->def, flags) < 0)
+ goto cleanup;
+
ret = virDomainDefFormat((flags & VIR_DOMAIN_XML_INACTIVE) &&
vm->newDef ? vm->newDef : vm->def,
flags);
goto cleanup;
}
+ if (virDomainCreateWithFlagsEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if ((vm->def->nets != NULL) && !(driver->have_netns)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("System lacks NETNS support"));
VIR_DOMAIN_XML_INACTIVE)))
goto cleanup;
+ if (virDomainCreateXMLEnsureACL(conn, def) < 0)
+ goto cleanup;
+
if (virSecurityManagerVerify(driver->securityManager, def) < 0)
goto cleanup;
goto cleanup;
}
+ if (virDomainGetSecurityLabelEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!virDomainVirtTypeToString(vm->def->virtType)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("unknown virt type in domain definition '%d'"),
lxcDriverLock(driver);
memset(secmodel, 0, sizeof(*secmodel));
+ if (virNodeGetSecurityModelEnsureACL(conn) < 0)
+ goto cleanup;
+
/* we treat no driver as success, but simply return no data in *secmodel */
if (driver->caps->host.nsecModels == 0
|| driver->caps->host.secModels[0].model == NULL)
virLXCDriverPtr driver = conn->privateData;
int ret;
+ if (virConnectDomainEventRegisterEnsureACL(conn) < 0)
+ return -1;
+
lxcDriverLock(driver);
ret = virDomainEventStateRegister(conn,
driver->domainEventState,
virLXCDriverPtr driver = conn->privateData;
int ret;
+ if (virConnectDomainEventDeregisterEnsureACL(conn) < 0)
+ return -1;
+
lxcDriverLock(driver);
ret = virDomainEventStateDeregister(conn,
driver->domainEventState,
virLXCDriverPtr driver = conn->privateData;
int ret;
+ if (virConnectDomainEventRegisterAnyEnsureACL(conn) < 0)
+ return -1;
+
lxcDriverLock(driver);
if (virDomainEventStateRegisterID(conn,
driver->domainEventState,
virLXCDriverPtr driver = conn->privateData;
int ret;
+ if (virConnectDomainEventDeregisterAnyEnsureACL(conn) < 0)
+ return -1;
+
lxcDriverLock(driver);
ret = virDomainEventStateDeregisterID(conn,
driver->domainEventState,
goto cleanup;
}
+ if (virDomainDestroyFlagsEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("Domain is not running"));
}
-static int lxcConnectGetVersion(virConnectPtr conn ATTRIBUTE_UNUSED, unsigned long *version)
+static int lxcConnectGetVersion(virConnectPtr conn, unsigned long *version)
{
struct utsname ver;
uname(&ver);
+ if (virConnectGetVersionEnsureACL(conn) < 0)
+ return -1;
+
if (virParseVersionString(ver.release, version, true) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, _("Unknown release: %s"), ver.release);
return -1;
}
-static char *lxcConnectGetHostname(virConnectPtr conn ATTRIBUTE_UNUSED)
+static char *lxcConnectGetHostname(virConnectPtr conn)
{
+ if (virConnectGetHostnameEnsureACL(conn) < 0)
+ return NULL;
+
return virGetHostname();
}
}
priv = vm->privateData;
+ if (virDomainGetSchedulerTypeEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
/* Domain not running, thus no cgroups - return defaults */
if (!virDomainObjIsActive(vm)) {
if (nparams)
}
priv = vm->privateData;
+ if (virDomainSetSchedulerParametersFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
+ goto cleanup;
+
if (virDomainLiveConfigHelperMethod(driver->caps, driver->xmlopt,
vm, &flags, &vmdef) < 0)
goto cleanup;
}
priv = vm->privateData;
+ if (virDomainGetSchedulerParametersFlagsEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (*nparams > 1) {
rc = lxcGetCpuBWStatus(priv->cgroup);
if (rc < 0)
}
priv = vm->privateData;
+ if (virDomainSetBlkioParametersEnsureACL(dom->conn, vm->def, flags) < 0)
+ goto cleanup;
+
if (virDomainLiveConfigHelperMethod(driver->caps, driver->xmlopt,
vm, &flags, &persistentDef) < 0)
goto cleanup;
}
priv = vm->privateData;
+ if (virDomainGetBlkioParametersEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if ((*nparams) == 0) {
/* Current number of blkio parameters supported by cgroups */
*nparams = LXC_NB_BLKIO_PARAM;
goto cleanup;
}
+ if (virDomainInterfaceStatsEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("Domain is not running"));
goto cleanup;
}
+ if (virDomainGetAutostartEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
*autostart = vm->autostart;
ret = 0;
goto cleanup;
}
+ if (virDomainSetAutostartEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!vm->persistent) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("Cannot set autostart for transient domain"));
goto cleanup;
}
+ if (virDomainSuspendEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("Domain is not running"));
priv = vm->privateData;
+ if (virDomainResumeEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("Domain is not running"));
goto cleanup;
}
+ if (virDomainOpenConsoleEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("domain is not running"));
}
priv = vm->privateData;
+ if (virDomainSendProcessSignalEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("domain is not running"));
virCheckFlags(VIR_CONNECT_LIST_DOMAINS_FILTERS_ALL, -1);
+ if (virConnectListAllDomainsEnsureACL(conn) < 0)
+ return -1;
+
lxcDriverLock(driver);
ret = virDomainObjListExport(driver->domains, conn, domains, flags);
lxcDriverUnlock(driver);
priv = vm->privateData;
+ if (virDomainShutdownFlagsEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("Domain is not running"));
priv = vm->privateData;
+ if (virDomainRebootEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("Domain is not running"));
goto cleanup;
}
+ if (virDomainAttachDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
+ goto cleanup;
+
if (virDomainObjIsActive(vm)) {
if (affect == VIR_DOMAIN_AFFECT_CURRENT)
flags |= VIR_DOMAIN_AFFECT_LIVE;
goto cleanup;
}
+ if (virDomainUpdateDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
+ goto cleanup;
+
if (virDomainObjIsActive(vm)) {
if (affect == VIR_DOMAIN_AFFECT_CURRENT)
flags |= VIR_DOMAIN_AFFECT_LIVE;
goto cleanup;
}
+ if (virDomainDetachDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
+ goto cleanup;
+
if (virDomainObjIsActive(vm)) {
if (affect == VIR_DOMAIN_AFFECT_CURRENT)
flags |= VIR_DOMAIN_AFFECT_LIVE;
}
priv = vm->privateData;
+ if (virDomainLxcOpenNamespaceEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("Domain is not running"));
virCheckFlags(0, NULL);
+ if (virConnectGetSysinfoEnsureACL(conn) < 0)
+ return NULL;
+
if (!driver->hostsysinfo) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("Host SMBIOS information is not available"));
static int
-lxcNodeGetInfo(virConnectPtr conn ATTRIBUTE_UNUSED,
+lxcNodeGetInfo(virConnectPtr conn,
virNodeInfoPtr nodeinfo)
{
+ if (virNodeGetInfoEnsureACL(conn) < 0)
+ return -1;
+
return nodeGetInfo(nodeinfo);
}
static int
-lxcNodeGetCPUStats(virConnectPtr conn ATTRIBUTE_UNUSED,
+lxcNodeGetCPUStats(virConnectPtr conn,
int cpuNum,
virNodeCPUStatsPtr params,
int *nparams,
unsigned int flags)
{
+ if (virNodeGetCPUStatsEnsureACL(conn) < 0)
+ return -1;
+
return nodeGetCPUStats(cpuNum, params, nparams, flags);
}
static int
-lxcNodeGetMemoryStats(virConnectPtr conn ATTRIBUTE_UNUSED,
+lxcNodeGetMemoryStats(virConnectPtr conn,
int cellNum,
virNodeMemoryStatsPtr params,
int *nparams,
unsigned int flags)
{
+ if (virNodeGetMemoryStatsEnsureACL(conn) < 0)
+ return -1;
+
return nodeGetMemoryStats(cellNum, params, nparams, flags);
}
static int
-lxcNodeGetCellsFreeMemory(virConnectPtr conn ATTRIBUTE_UNUSED,
+lxcNodeGetCellsFreeMemory(virConnectPtr conn,
unsigned long long *freeMems,
int startCell,
int maxCells)
{
+ if (virNodeGetCellsFreeMemoryEnsureACL(conn) < 0)
+ return -1;
+
return nodeGetCellsFreeMemory(freeMems, startCell, maxCells);
}
static unsigned long long
-lxcNodeGetFreeMemory(virConnectPtr conn ATTRIBUTE_UNUSED)
+lxcNodeGetFreeMemory(virConnectPtr conn)
{
+ if (virNodeGetFreeMemoryEnsureACL(conn) < 0)
+ return 0;
+
return nodeGetFreeMemory();
}
static int
-lxcNodeGetMemoryParameters(virConnectPtr conn ATTRIBUTE_UNUSED,
+lxcNodeGetMemoryParameters(virConnectPtr conn,
virTypedParameterPtr params,
int *nparams,
unsigned int flags)
{
+ if (virNodeGetMemoryParametersEnsureACL(conn) < 0)
+ return -1;
+
return nodeGetMemoryParameters(params, nparams, flags);
}
static int
-lxcNodeSetMemoryParameters(virConnectPtr conn ATTRIBUTE_UNUSED,
+lxcNodeSetMemoryParameters(virConnectPtr conn,
virTypedParameterPtr params,
int nparams,
unsigned int flags)
{
+ if (virNodeSetMemoryParametersEnsureACL(conn) < 0)
+ return -1;
+
return nodeSetMemoryParameters(params, nparams, flags);
}
static int
-lxcNodeGetCPUMap(virConnectPtr conn ATTRIBUTE_UNUSED,
+lxcNodeGetCPUMap(virConnectPtr conn,
unsigned char **cpumap,
unsigned int *online,
unsigned int flags)
{
+ if (virNodeGetCPUMapEnsureACL(conn) < 0)
+ return -1;
+
return nodeGetCPUMap(cpumap, online, flags);
}
static int
-lxcNodeSuspendForDuration(virConnectPtr conn ATTRIBUTE_UNUSED,
+lxcNodeSuspendForDuration(virConnectPtr conn,
unsigned int target,
unsigned long long duration,
unsigned int flags)
{
+ if (virNodeSuspendForDurationEnsureACL(conn) < 0)
+ return -1;
+
return nodeSuspendForDuration(target, duration, flags);
}
projects / people / dariof / libvirt.git / commitdiff