if (flags & VIR_DOMAIN_START_RESET_NVRAM)
start_flags |= VIR_QEMU_PROCESS_START_RESET_NVRAM;
- if (!(def = virDomainDefParseString(xml, driver->xmlopt,
- NULL, parse_flags)))
- goto cleanup;
+ /* Avoid parsing the whole domain definition for ACL checks */
+ if (!(def = virDomainDefIDsParseString(xml, driver->xmlopt, parse_flags)))
+ return NULL;
if (virDomainCreateXMLEnsureACL(conn, def) < 0)
+ return NULL;
+
+ g_clear_pointer(&def, virDomainDefFree);
+
+ if (!(def = virDomainDefParseString(xml, driver->xmlopt,
+ NULL, parse_flags)))
goto cleanup;
if (!(vm = virDomainObjListAdd(driver->domains, &def,
if (flags & VIR_DOMAIN_SAVE_RESET_NVRAM)
reset_nvram = true;
- if (qemuSaveImageGetMetadata(driver, NULL, path, &def, &data) < 0)
+ if (qemuSaveImageGetMetadata(driver, NULL, path, ensureACL, conn, &def, &data) < 0)
goto cleanup;
sparse = data->header.format == QEMU_SAVE_FORMAT_SPARSE;
if (fd < 0)
goto cleanup;
- if (ensureACL(conn, def) < 0)
- goto cleanup;
-
if (virHookPresent(VIR_HOOK_DRIVER_QEMU)) {
int hookret;
virCheckFlags(VIR_DOMAIN_SAVE_IMAGE_XML_SECURE, NULL);
- if (qemuSaveImageGetMetadata(driver, NULL, path, &def, &data) < 0)
- goto cleanup;
-
- if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0)
+ if (qemuSaveImageGetMetadata(driver, NULL, path,
+ virDomainSaveImageGetXMLDescEnsureACL,
+ conn, &def, &data) < 0)
goto cleanup;
ret = qemuDomainDefFormatXML(driver, NULL, def, flags);
else if (flags & VIR_DOMAIN_SAVE_PAUSED)
state = 0;
- if (qemuSaveImageGetMetadata(driver, NULL, path, &def, &data) < 0)
+ if (qemuSaveImageGetMetadata(driver, NULL, path,
+ virDomainSaveImageDefineXMLEnsureACL,
+ conn, &def, &data) < 0)
goto cleanup;
fd = qemuSaveImageOpen(driver, path, false, false, NULL, true);
if (fd < 0)
goto cleanup;
- if (virDomainSaveImageDefineXMLEnsureACL(conn, def) < 0)
- goto cleanup;
-
if (STREQ(data->xml, dxml) &&
(state < 0 || state == data->header.was_running)) {
/* no change to the XML */
goto cleanup;
}
- if (qemuSaveImageGetMetadata(driver, priv->qemuCaps, path, &def, &data) < 0)
+ if (qemuSaveImageGetMetadata(driver, priv->qemuCaps, path,
+ NULL, NULL, &def, &data) < 0)
goto cleanup;
ret = qemuDomainDefFormatXML(driver, priv->qemuCaps, def, flags);
bool sparse = false;
g_autoptr(qemuMigrationParams) restoreParams = NULL;
- ret = qemuSaveImageGetMetadata(driver, NULL, path, &def, &data);
+ ret = qemuSaveImageGetMetadata(driver, NULL, path, NULL, NULL, &def, &data);
if (ret < 0) {
if (qemuSaveImageIsCorrupt(driver, path)) {
if (unlink(path) < 0) {
if (flags & VIR_DOMAIN_DEFINE_VALIDATE)
parse_flags |= VIR_DOMAIN_DEF_PARSE_VALIDATE_SCHEMA;
+ /* Avoid parsing the whole domain definition for ACL checks */
+ if (!(def = virDomainDefIDsParseString(xml, driver->xmlopt, parse_flags)))
+ return NULL;
+
+ if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0)
+ return NULL;
+
+ g_clear_pointer(&def, virDomainDefFree);
+
if (!(def = virDomainDefParseString(xml, driver->xmlopt,
NULL, parse_flags)))
return NULL;
if (virXMLCheckIllegalChars("name", def->name, "\n") < 0)
goto cleanup;
- if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0)
- goto cleanup;
-
if (!(vm = virDomainObjListAdd(driver->domains, &def,
driver->xmlopt,
0, &oldDef)))
return -1;
}
- if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname)))
- return -1;
-
- if (virDomainMigratePrepareTunnelEnsureACL(dconn, def) < 0)
+ if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname,
+ dconn,
+ virDomainMigratePrepareTunnelEnsureACL)))
return -1;
return qemuMigrationDstPrepareTunnel(driver, dconn,
return -1;
}
- if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname)))
- return -1;
-
- if (virDomainMigratePrepare2EnsureACL(dconn, def) < 0)
+ if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname,
+ dconn,
+ virDomainMigratePrepare2EnsureACL)))
return -1;
/* Do not use cookies in v2 protocol, since the cookie
QEMU_MIGRATION_DESTINATION)))
return -1;
- if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname)))
- return -1;
-
- if (virDomainMigratePrepare3EnsureACL(dconn, def) < 0)
+ if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname,
+ dconn,
+ virDomainMigratePrepare3EnsureACL)))
return -1;
return qemuMigrationDstPrepareDirect(driver, dconn,
return -1;
}
- if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname)))
- return -1;
-
- if (virDomainMigratePrepare3ParamsEnsureACL(dconn, def) < 0)
+ if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname,
+ dconn,
+ virDomainMigratePrepare3ParamsEnsureACL)))
return -1;
return qemuMigrationDstPrepareDirect(driver, dconn,
QEMU_MIGRATION_DESTINATION)))
return -1;
- if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname)))
- return -1;
-
- if (virDomainMigratePrepareTunnel3EnsureACL(dconn, def) < 0)
+ if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname,
+ dconn,
+ virDomainMigratePrepareTunnel3EnsureACL)))
return -1;
return qemuMigrationDstPrepareTunnel(driver, dconn,
QEMU_MIGRATION_DESTINATION)))
return -1;
- if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname)))
- return -1;
-
- if (virDomainMigratePrepareTunnel3ParamsEnsureACL(dconn, def) < 0)
+ if (!(def = qemuMigrationAnyPrepareDef(driver, NULL, dom_xml, dname, &origname,
+ dconn,
+ virDomainMigratePrepareTunnel3ParamsEnsureACL)))
return -1;
return qemuMigrationDstPrepareTunnel(driver, dconn,
* @driver: qemu driver data
* @qemuCaps: pointer to qemuCaps if the domain is running or NULL
* @path: path of the save image
+ * @ensureACL: ACL callback to check against the definition or NULL
+ * @conn: parameter for the @ensureACL callback
* @ret_def: returns domain definition created from the XML stored in the image
* @ret_data: returns structure filled with data from the image header
*
- * Open the save image file, read libvirt's save image metadata, and populate
- * the @ret_def and @ret_data structures. Returns 0 on success and -1 on failure.
+ * Open the save image file, read libvirt's save image metadata, optionally
+ * check ACLs before parsing the whole domain definition and populate the
+ * @ret_def and @ret_data structures. Returns 0 on success and -1 on failure.
*/
int
qemuSaveImageGetMetadata(virQEMUDriver *driver,
virQEMUCaps *qemuCaps,
const char *path,
+ int (*ensureACL)(virConnectPtr, virDomainDef *),
+ virConnectPtr conn,
virDomainDef **ret_def,
virQEMUSaveData **ret_data)
{
VIR_AUTOCLOSE fd = -1;
virQEMUSaveData *data;
g_autoptr(virDomainDef) def = NULL;
+ unsigned int parse_flags = VIR_DOMAIN_DEF_PARSE_INACTIVE |
+ VIR_DOMAIN_DEF_PARSE_SKIP_VALIDATE;
int rc;
if ((fd = qemuDomainOpenFile(cfg, NULL, path, O_RDONLY, NULL)) < 0)
return rc;
data = *ret_data;
+
+ if (ensureACL) {
+ /* Parse only the IDs for ACL checks */
+ g_autoptr(virDomainDef) aclDef = virDomainDefIDsParseString(data->xml,
+ driver->xmlopt,
+ parse_flags);
+
+ if (!aclDef || ensureACL(conn, aclDef) < 0)
+ return -1;
+ }
+
/* Create a domain from this XML */
if (!(def = virDomainDefParseString(data->xml, driver->xmlopt, qemuCaps,
- VIR_DOMAIN_DEF_PARSE_INACTIVE |
- VIR_DOMAIN_DEF_PARSE_SKIP_VALIDATE)))
+ parse_flags)))
return -1;
*ret_def = g_steal_pointer(&def);
projects / thirdparty / libvirt.git / commitdiff
