From 15340ff5839dfdbaa143b5ddbddcc2f3bf072220 Mon Sep 17 00:00:00 2001 From: Peter Krempa <pkrempa@redhat.com> Date: Mon, 23 Sep 2019 15:48:06 +0200 Subject: [PATCH] qemu: snapshot: Do ACL check prior to checkpoint interlocking Commit 7efe930ec3c introduced interlock of snapshots and checkpoints, but the check is executed prior to the snapshot API ACL check. This means that an unauthorized user can see whether a VM exists if it has a checkpoint. Move the checks to proper places. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> --- src/qemu/qemu_driver.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 0753904472..f7f059b6d6 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -15902,18 +15902,18 @@ qemuDomainSnapshotCreateXML(virDomainPtr domain, if (!(vm = qemuDomObjFromDomain(domain))) goto cleanup; - if (virDomainListCheckpoints(vm->checkpoints, NULL, domain, NULL, 0) > 0) { - virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", - _("cannot create snapshot while checkpoint exists")); - goto cleanup; - } - priv = vm->privateData; cfg = virQEMUDriverGetConfig(driver); if (virDomainSnapshotCreateXMLEnsureACL(domain->conn, vm->def, flags) < 0) goto cleanup; + if (virDomainListCheckpoints(vm->checkpoints, NULL, domain, NULL, 0) > 0) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("cannot create snapshot while checkpoint exists")); + goto cleanup; + } + if (!(caps = virQEMUDriverGetCapabilities(driver, false))) goto cleanup; -- GitLab