From nobody Tue Feb 10 23:32:42 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 153932107124016.52155739361126;
 Thu, 11 Oct 2018 22:11:11 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
 [10.5.11.13])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 6F02D308213E;
	Fri, 12 Oct 2018 05:11:09 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id D52798CCFA;
	Fri, 12 Oct 2018 05:11:08 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 2C014180BADC;
	Fri, 12 Oct 2018 05:11:08 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com
	[10.5.11.15])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w9C5AlXp007096 for <libvir-list@listman.util.phx.redhat.com>;
	Fri, 12 Oct 2018 01:10:47 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 5E3A8B19D4; Fri, 12 Oct 2018 05:10:47 +0000 (UTC)
Received: from red.redhat.com (ovpn-121-240.rdu2.redhat.com [10.10.121.240])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 1F64711A1D3;
	Fri, 12 Oct 2018 05:10:45 +0000 (UTC)
From: Eric Blake <eblake@redhat.com>
To: libvir-list@redhat.com
Date: Fri, 12 Oct 2018 00:10:10 -0500
Message-Id: <20181012051011.1398546-9-eblake@redhat.com>
In-Reply-To: <20181012051011.1398546-1-eblake@redhat.com>
References: <20181012051011.1398546-1-eblake@redhat.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-loop: libvir-list@redhat.com
Cc: amureini@redhat.com, derez@redhat.com, vsementsov@virtuozzo.com,
	ydary@redhat.com, nsoffer@redhat.com, jsnow@redhat.com
Subject: [libvirt] [PATCH v2 8/9] backup: Add new domain:checkpoint access
	control
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.42]);
 Fri, 12 Oct 2018 05:11:10 +0000 (UTC)
X-ZohoMail: RDMRC_0  RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Creating a checkpoint does not modify guest-visible state,
but does modify host resources.  Rather than reuse existing
domain:write, domain:block_write, or domain:snapshot access
controls, it seems better to introduce a new access control
specific to tasks related to checkpoints and incremental
backups of guest disk state.

Signed-off-by: Eric Blake <eblake@redhat.com>
---
 src/access/viraccessperm.h | 8 +++++++-
 src/access/viraccessperm.c | 5 +++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/access/viraccessperm.h b/src/access/viraccessperm.h
index 5ac5ff3377..c6fd31dcc0 100644
--- a/src/access/viraccessperm.h
+++ b/src/access/viraccessperm.h
@@ -1,7 +1,7 @@
 /*
  * viraccessperm.h: access control permissions
  *
- * Copyright (C) 2012-2014 Red Hat, Inc.
+ * Copyright (C) 2012-2018 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -186,6 +186,12 @@ typedef enum {
      */
     VIR_ACCESS_PERM_DOMAIN_MIGRATE,   /* Host migration */

+    /**
+     * @desc: Checkpoint domain
+     * @message: Checkpointing domain requires authorization
+     */
+    VIR_ACCESS_PERM_DOMAIN_CHECKPOINT,  /* Checkpoint disks */
+
     /**
      * @desc: Snapshot domain
      * @message: Snapshotting domain requires authorization
diff --git a/src/access/viraccessperm.c b/src/access/viraccessperm.c
index d7cbb70b7b..5cb14d4cd8 100644
--- a/src/access/viraccessperm.c
+++ b/src/access/viraccessperm.c
@@ -1,7 +1,7 @@
 /*
  * viraccessperm.c: access control permissions
  *
- * Copyright (C) 2012-2014 Red Hat, Inc.
+ * Copyright (C) 2012-2018 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -38,7 +38,8 @@ VIR_ENUM_IMPL(virAccessPermDomain,
               "getattr", "read", "write", "read_secure",
               "start", "stop", "reset",
               "save", "delete",
-              "migrate", "snapshot", "suspend", "hibernate", "core_dump", =
"pm_control",
+              "migrate", "checkpoint", "snapshot", "suspend", "hibernate",
+              "core_dump", "pm_control",
               "init_control", "inject_nmi", "send_input", "send_signal",
               "fs_trim", "fs_freeze",
               "block_read", "block_write", "mem_read",
--=20
2.17.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list