CVE-2015-0236: qemu: Check ACLs when dumping security info from save image

author Peter Krempa <pkrempa@redhat.com>

Tue, 20 Jan 2015 16:01:01 +0000 (17:01 +0100)

committer Eric Blake <eblake@redhat.com>

Thu, 22 Jan 2015 16:29:10 +0000 (09:29 -0700)
author Peter Krempa <pkrempa@redhat.com>
Tue, 20 Jan 2015 16:01:01 +0000 (17:01 +0100)
committer Eric Blake <eblake@redhat.com>
Thu, 22 Jan 2015 16:29:10 +0000 (09:29 -0700)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c

index e3aacb6e49c251ef14a5f8e13a050a967c46df36..2e7bbab0ad15aae15b55a1f91b70fe39ebc1e52e 100644 (file)
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -6007,7 +6007,7 @@ qemuDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *path,
      if (fd < 0)
          goto cleanup;
  
-    if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0)
+    if (virDomainSaveImageGetXMLDescEnsureACL(conn, def, flags) < 0)
          goto cleanup;
  
      ret = qemuDomainDefFormatXML(driver, def, flags);
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x

index ebf453071a6959fa7e5cfc3fcb00e1308af0a759..2d0cbd3373bfe0802dbd53ae414bf47403fe14d7 100644 (file)
--- a/src/remote/remote_protocol.x
+++ b/src/remote/remote_protocol.x
@@ -4778,6 +4778,7 @@ enum remote_procedure {
       * @generate: both
       * @priority: high
       * @acl: domain:read
+     * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE
       */
      REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235,
author	Peter Krempa <pkrempa@redhat.com>
	Tue, 20 Jan 2015 16:01:01 +0000 (17:01 +0100)
committer	Eric Blake <eblake@redhat.com>
	Thu, 22 Jan 2015 16:29:10 +0000 (09:29 -0700)
src/qemu/qemu_driver.c		patch \| blob \| blame \| history
src/remote/remote_protocol.x		patch \| blob \| blame \| history