]> xenbits.xensource.com Git - libvirt.git/commitdiff
projects / libvirt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2068f2f)
Don't allow readonly connections to dump secure xml.
authorCole Robinson <crobinso@redhat.com>
Mon, 16 Mar 2009 17:21:12 +0000 (17:21 +0000)
committerCole Robinson <crobinso@redhat.com>
Mon, 16 Mar 2009 17:21:12 +0000 (17:21 +0000)
ChangeLog patch | blob | blame | history
src/libvirt.c patch | blob | blame | history

diff --git a/ChangeLog b/ChangeLog
index e3ac8b9d3200c836f769b3321c491bd5492324b9..6ea5df5b64e309b4ceb0b2e031bc1d0284fc2d35 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Mon Mar 16 13:17:05 EDT 2009 Cole Robinson <crobinso@redhat.com>
+
+       * src/libvirt.c: Don't allow readonly connections to dump secure xml.
+
 Mon Mar 16 13:15:11 EDT 2009 Cole Robinson <crobinso@redhat.com>
 
        * src/qemu_driver.c: Initialize security driver after config parsing
diff --git a/src/libvirt.c b/src/libvirt.c
index bf3453a06d97c6b5b990ab0624d295fd47af046f..f29df6bea31e7f7bf6874c2d47f998f12d2994b2 100644 (file)
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -2619,6 +2619,12 @@ virDomainGetXMLDesc(virDomainPtr domain, int flags)
 
     conn = domain->conn;
 
+    if ((conn->flags & VIR_CONNECT_RO) && (flags & VIR_DOMAIN_XML_SECURE)) {
+        virLibConnError(conn, VIR_ERR_OPERATION_DENIED,
+                        _("virDomainGetXMLDesc with secure flag"));
+        goto error;
+    }
+
     if (conn->driver->domainDumpXML) {
         char *ret;
         ret = conn->driver->domainDumpXML (domain, flags);
Unnamed repository; edit this file 'description' to name the repository.