From 4f0438ef7c5ef6725b584bdc3b3f1bf328dbee33 Mon Sep 17 00:00:00 2001 From: Eric Blake Date: Wed, 13 Jun 2018 07:04:57 -0500 Subject: [PATCH] backup: Add new domain:checkpoint access control MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Creating a checkpoint does not modify guest-visible state, but does modify host resources. Rather than reuse existing domain:write, domain:block_write, or domain:snapshot access controls, it seems better to introduce a new access control specific to tasks related to checkpoints and incremental backups of guest disk state. Signed-off-by: Eric Blake Reviewed-by: Daniel P. Berrangé --- src/access/viraccessperm.c | 3 ++- src/access/viraccessperm.h | 6 ++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/access/viraccessperm.c b/src/access/viraccessperm.c index 74993e9f29..33db7752b6 100644 --- a/src/access/viraccessperm.c +++ b/src/access/viraccessperm.c @@ -39,7 +39,8 @@ VIR_ENUM_IMPL(virAccessPermDomain, "getattr", "read", "write", "read_secure", "start", "stop", "reset", "save", "delete", - "migrate", "snapshot", "suspend", "hibernate", "core_dump", "pm_control", + "migrate", "checkpoint", "snapshot", "suspend", "hibernate", + "core_dump", "pm_control", "init_control", "inject_nmi", "send_input", "send_signal", "fs_trim", "fs_freeze", "block_read", "block_write", "mem_read", diff --git a/src/access/viraccessperm.h b/src/access/viraccessperm.h index d4b9c69c1e..a42512d5e0 100644 --- a/src/access/viraccessperm.h +++ b/src/access/viraccessperm.h @@ -186,6 +186,12 @@ typedef enum { */ VIR_ACCESS_PERM_DOMAIN_MIGRATE, /* Host migration */ + /** + * @desc: Checkpoint domain + * @message: Checkpointing domain requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_CHECKPOINT, /* Checkpoint disks */ + /** * @desc: Snapshot domain * @message: Snapshotting domain requires authorization