[libvirt] [PATCH] access: Fix nwfilter-binding ACL access API name generation

John Ferlan posted 1 patch 5 years, 8 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20180821202325.26581-1-jferlan@redhat.com
Test syntax-check passed
src/access/genpolkit.pl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
[libvirt] [PATCH] access: Fix nwfilter-binding ACL access API name generation
Posted by John Ferlan 5 years, 8 months ago
https://bugzilla.redhat.com/show_bug.cgi?id=1611320

Generation of the ACL API policy is an "automated process"
based on this perl script which "worked" with the changes to
add nwfilter binding APIs because they had the "nwfilter"
prefix; however, the generated output name was incorrect
based on the remote protocol algorithm which expected to
generate names such as 'nwfilter-binding.action' instead
of 'nwfilter.binding-action'.

This effectively changes src/access/org.libvirt.api.policy entries:

  org.libvirt.api.nwfilter.binding-create ==>
      org.libvirt.api.nwfilter-binding.create

  org.libvirt.api.nwfilter.binding-delete ==>
      org.libvirt.api.nwfilter-binding.delete

  org.libvirt.api.nwfilter.binding-getattr ==>
      org.libvirt.api.nwfilter-binding.getattr

  org.libvirt.api.nwfilter.binding-read ==>
      org.libvirt.api.nwfilter-binding.read

Signed-off-by: John Ferlan <jferlan@redhat.com>
---

 If someone can explain better exactly what is happening in this
 processing, I'd be more than willing to update the commit message.
 I'm sure my wording isn't "precise" enough, but I feel like I hit
 the lottery finding this needle in the haystack.

 src/access/genpolkit.pl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/access/genpolkit.pl b/src/access/genpolkit.pl
index 968cb8c55c..e074c90eb6 100755
--- a/src/access/genpolkit.pl
+++ b/src/access/genpolkit.pl
@@ -22,8 +22,8 @@ use warnings;
 
 my @objects = (
     "CONNECT", "DOMAIN", "INTERFACE",
-    "NETWORK","NODE_DEVICE", "NWFILTER",
-     "SECRET", "STORAGE_POOL", "STORAGE_VOL",
+    "NETWORK","NODE_DEVICE", "NWFILTER_BINDING", "NWFILTER",
+    "SECRET", "STORAGE_POOL", "STORAGE_VOL",
     );
 
 my $objects = join ("|", @objects);
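Review bot: The position of "NWFILTER_BINDING" ahead of "NWFILTER" in @objects is what makes the fix work, but nothing in the hunk says so. The list is joined with "|" on the following line, and an alternation built that way takes the first alternative that matches, so a later cleanup that reorders or alphabetises the list would bring back the 'nwfilter.binding-action' names without any error. Suggest a comment above the list stating that an entry which extends another entry's name must come first, or sorting @objects by descending length before the join.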
-- 
2.17.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] access: Fix nwfilter-binding ACL access API name generation
Posted by Daniel P. Berrangé 5 years, 7 months ago
On Tue, Aug 21, 2018 at 04:23:25PM -0400, John Ferlan wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1611320
> 
> Generation of the ACL API policy is an "automated process"
> based on this perl script which "worked" with the changes to
> add nwfilter binding APIs because they had the "nwfilter"
> prefix; however, the generated output name was incorrect
> based on the remote protocol algorithm which expected to
> generate names such as 'nwfilter-binding.action' instead
> of 'nwfilter.binding-action'.
> 
> This effectively changes src/access/org.libvirt.api.policy entries:
> 
>   org.libvirt.api.nwfilter.binding-create ==>
>       org.libvirt.api.nwfilter-binding.create
> 
>   org.libvirt.api.nwfilter.binding-delete ==>
>       org.libvirt.api.nwfilter-binding.delete
> 
>   org.libvirt.api.nwfilter.binding-getattr ==>
>       org.libvirt.api.nwfilter-binding.getattr
> 
>   org.libvirt.api.nwfilter.binding-read ==>
>       org.libvirt.api.nwfilter-binding.read
> 
> Signed-off-by: John Ferlan <jferlan@redhat.com>

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


> ---
> 
>  If someone can explain better exactly what is happening in this
>  processing, I'd be more than willing to update the commit message.
>  I'm sure my wording isn't "precise" enough, but I feel like I hit
>  the lottery finding this needle in the haystack.

As you say, it is simply bad luck because the new APIs happened to
match the existing "nwfilter" prefix, so we didn't see the error.

> 
>  src/access/genpolkit.pl | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/src/access/genpolkit.pl b/src/access/genpolkit.pl
> index 968cb8c55c..e074c90eb6 100755
> --- a/src/access/genpolkit.pl
> +++ b/src/access/genpolkit.pl
> @@ -22,8 +22,8 @@ use warnings;
>  
>  my @objects = (
>      "CONNECT", "DOMAIN", "INTERFACE",
> -    "NETWORK","NODE_DEVICE", "NWFILTER",
> -     "SECRET", "STORAGE_POOL", "STORAGE_VOL",
> +    "NETWORK","NODE_DEVICE", "NWFILTER_BINDING", "NWFILTER",
> +    "SECRET", "STORAGE_POOL", "STORAGE_VOL",
>      );
>  
>  my $objects = join ("|", @objects);
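Review bot: The second -/+ pair (the "SECRET" line) changes only leading whitespace, which the commit message does not mention; either note it as an indentation cleanup or split it out so the functional change is the single-line list addition. Since the first + line is being rewritten anyway, `"NETWORK","NODE_DEVICE"` could also gain the missing space after the comma to match the rest of the list.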
> -- 
> 2.17.1
> 

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
