From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 1/2] access: Allow 'node-device.read' permission for anonymous users
Date: Fri, 17 Feb 2023 16:11:10 +0100

For all other objects we allow the 'read' permission for anonymous
users. In fact the idea is to allow all permissions users using the
readonly connection would have.

This impacts the following APIs (in terms of RPC procedure names):

    $ git grep -A 3 node_device:read | grep REMOTE
    src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_GET_XML_DESC = 114,
    src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_GET_PARENT = 115,
    src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_NUM_OF_CAPS = 116,
    src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_LIST_CAPS = 117,
    src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_GET_AUTOSTART = 433,
    src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_IS_PERSISTENT = 435,
    src/remote/remote_protocol.x- REMOTE_PROC_NODE_DEVICE_IS_ACTIVE = 436,

Fixes: a93cd08f
Signed-off-by: Peter Krempa
Reviewed-by: Daniel P. Berrangé
--- src/access/viraccessperm.h | 1 + 1 file changed, 1 insertion(+) diff --git a/src/access/viraccessperm.h b/src/access/viraccessperm.h index 051246a7b6..2f04459ed9 100644 --- a/src/access/viraccessperm.h +++ b/src/access/viraccessperm.h
@@ -473,6 +473,7 @@ typedef enum { /** * @desc: Read node device * @message: Reading node device configuration requires authorization + * @anonymous: 1 */ VIR_ACCESS_PERM_NODE_DEVICE_READ,
--
2.39.1
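
Review bot: the commit message should record that the output of REMOTE_PROC_NODE_DEVICE_GET_XML_DESC was checked against what a read-only connection may already see, because the `+ * @anonymous: 1` line on VIR_ACCESS_PERM_NODE_DEVICE_READ opens every procedure gated on node_device:read to anonymous users at once. Of the seven procedures listed, that is the only one whose name indicates it returns a full description rather than a parent, a capability list, a count or a flag, so it is the one where parity with read-only connections most needs to be stated rather than assumed.
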
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 2/2] libvirt-nodedev: Allow read-only access to virNodeDeviceGetAutostart
Date: Fri, 17 Feb 2023 16:11:11 +0100
Message-Id: <24f15128a3f36a1112965b7418ad87cc7a6bf6df.1676646627.git.pkrempa@redhat.com>

Fetching whether a node-device is marked for autostart can be allowed
from read-only connections similarly to other objects.

Fixes: c6607a25b93
Signed-off-by: Peter Krempa
Reviewed-by: Daniel P. Berrangé
--- src/libvirt-nodedev.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/libvirt-nodedev.c b/src/libvirt-nodedev.c index 1b7dee113e..366d2cfdbe 100644 --- a/src/libvirt-nodedev.c +++ b/src/libvirt-nodedev.c @@ -1089,7 +1089,6 @@ virNodeDeviceGetAutostart(virNodeDevicePtr dev, virResetLastError(); virCheckNodeDeviceReturn(dev, -1); - virCheckReadOnlyGoto(dev->conn->flags, error); if (dev->conn->nodeDeviceDriver && dev->conn->nodeDeviceDriver->nodeDeviceGetAutostart) {
--
2.39.1
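
Review bot: please confirm that virNodeDeviceGetAutostart still has another jump to the `error` label once `- virCheckReadOnlyGoto(dev->conn->flags, error);` is gone, since the visible context ends at the `nodeDeviceDriver` check and an unreferenced label would trip the unused-label warning. A test that calls virNodeDeviceGetAutostart on a read-only connection would pin the new behaviour down, and it is worth stating in the commit message that the setter keeps its read-only check.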