From nobody Thu Jul  3 23:08:21 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 152890818789113.208627933650291;
 Wed, 13 Jun 2018 09:43:07 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
 [10.5.11.16])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 7197E8764C;
	Wed, 13 Jun 2018 16:43:06 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 3D359761E1;
	Wed, 13 Jun 2018 16:43:06 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id D82D018037ED;
	Wed, 13 Jun 2018 16:43:05 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com
	[10.11.54.4])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w5DGgbge029629 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 13 Jun 2018 12:42:38 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id C505D2024CA4; Wed, 13 Jun 2018 16:42:37 +0000 (UTC)
Received: from red.redhat.com (ovpn-120-103.rdu2.redhat.com [10.10.120.103])
	by smtp.corp.redhat.com (Postfix) with ESMTP id ECC542024CA1;
	Wed, 13 Jun 2018 16:42:36 +0000 (UTC)
From: Eric Blake <eblake@redhat.com>
To: libvir-list@redhat.com
Date: Wed, 13 Jun 2018 11:42:28 -0500
Message-Id: <20180613164229.1379979-8-eblake@redhat.com>
In-Reply-To: <20180613164229.1379979-1-eblake@redhat.com>
References: <20180613164229.1379979-1-eblake@redhat.com>
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4
X-loop: libvir-list@redhat.com
Cc: vsementsov@virtuozzo.com, mnestratov@virtuozzo.com, nsoffer@redhat.com,
	pkrempa@redhat.com, nshirokovskiy@virtuozzo.com, den@openvz.org,
	jsnow@redhat.com
Subject: [libvirt] [PATCH 7/8] backup: Add new domain:checkpoint access
	control
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]);
 Wed, 13 Jun 2018 16:43:07 +0000 (UTC)
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Creating a checkpoint does not modify guest-visible state,
but does modify host resources.  Rather than reuse existing
domain:write, domain:block_write, or domain:snapshot access
controls, it seems better to introduce a new access control
specific to tasks related to checkpoints and incremental
backups of guest disk state.

Signed-off-by: Eric Blake <eblake@redhat.com>
---
 src/access/viraccessperm.c | 5 +++--
 src/access/viraccessperm.h | 8 +++++++-
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/access/viraccessperm.c b/src/access/viraccessperm.c
index 0f58290173..cba3c556d8 100644
--- a/src/access/viraccessperm.c
+++ b/src/access/viraccessperm.c
@@ -1,7 +1,7 @@
 /*
  * viraccessperm.c: access control permissions
  *
- * Copyright (C) 2012-2014 Red Hat, Inc.
+ * Copyright (C) 2012-2018 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -38,7 +38,8 @@ VIR_ENUM_IMPL(virAccessPermDomain,
               "getattr", "read", "write", "read_secure",
               "start", "stop", "reset",
               "save", "delete",
-              "migrate", "snapshot", "suspend", "hibernate", "core_dump", =
"pm_control",
+              "migrate", "checkpoint", "snapshot", "suspend", "hibernate",
+              "core_dump", "pm_control",
               "init_control", "inject_nmi", "send_input", "send_signal",
               "fs_trim", "fs_freeze",
               "block_read", "block_write", "mem_read",
diff --git a/src/access/viraccessperm.h b/src/access/viraccessperm.h
index 1817da73bc..373c76859b 100644
--- a/src/access/viraccessperm.h
+++ b/src/access/viraccessperm.h
@@ -1,7 +1,7 @@
 /*
  * viraccessperm.h: access control permissions
  *
- * Copyright (C) 2012-2014 Red Hat, Inc.
+ * Copyright (C) 2012-2018 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -180,6 +180,12 @@ typedef enum {
      */
     VIR_ACCESS_PERM_DOMAIN_MIGRATE,   /* Host migration */

+    /**
+     * @desc: Checkpoint domain
+     * @message: Checkpointing domain requires authorization
+     */
+    VIR_ACCESS_PERM_DOMAIN_CHECKPOINT,  /* Checkpoint disks */
+
     /**
      * @desc: Snapshot domain
      * @message: Snapshotting domain requires authorization
--=20
2.14.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list