qemu: checkpoint: Do ACL check prior to snapshot interlocking

The interlocking with snapshots is executed prior to the ACL check so if a VM has snapshots invoking the checkpoint API may leak it's existance. Introduced with the qemuDomainCheckpointCreateXML API implementation in commit 5f4e0796. Signed-off-by: N Peter Krempa <pkrempa@redhat.com> Reviewed-by: N Pavel Hrdina <phrdina@redhat.com>

qemu: checkpoint: Do ACL check prior to snapshot interlocking
The interlocking with snapshots is executed prior to the ACL check so if a VM has snapshots invoking the checkpoint API may leak it's existance. Introduced with the qemuDomainCheckpointCreateXML API implementation in commit 5f4e0796. Signed-off-by: N Peter Krempa <pkrempa@redhat.com> Reviewed-by: N Pavel Hrdina <phrdina@redhat.com>
c8ef580f · Peter Krempa · f4e1ef9d · c8ef580f
隐藏空白更改
内联并排

Showing with 6 addition and 6 deletion

src/qemu/qemu_driver.c src/qemu/qemu_driver.c +6 -6

未找到文件。
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -17254,18 +17254,18 @@ qemuDomainCheckpointCreateXML(virDomainPtr domain,
    if (!(vm = qemuDomainObjFromDomain(domain)))
        goto cleanup;

-    if (virDomainSnapshotObjListNum(vm->snapshots, NULL, 0) > 0) {
-        virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
-                       _("cannot create checkpoint while snapshot exists"));
-        goto cleanup;
-    }
-
    priv = vm->privateData;
    cfg = virQEMUDriverGetConfig(driver);

    if (virDomainCheckpointCreateXMLEnsureACL(domain->conn, vm->def, flags) < 0)
        goto cleanup;

+    if (virDomainSnapshotObjListNum(vm->snapshots, NULL, 0) > 0) {
+        virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+                       _("cannot create checkpoint while snapshot exists"));
+        goto cleanup;
+    }
+
    if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_BITMAP_MERGE)) {
        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                       _("qemu binary lacks persistent bitmaps support"));