diff options
| author | Daniel P. Berrangé <berrange@redhat.com> | 2024-07-12 14:24:59 +0100 |
|---|---|---|
| committer | Konstantin Kostiuk <kkostiuk@redhat.com> | 2024-07-19 11:50:35 +0300 |
| commit | 2e3b166c41e20eba7e74d9a9203a663cc455bc49 (patch) | |
| tree | b5903be9530438c56b1c740c22b4b1f5e5969148 /docs | |
| parent | f8bf2347ed6036adf195202fa55c2cb587004679 (diff) | |
| download | qemu-2e3b166c41e20eba7e74d9a9203a663cc455bc49.zip qemu-2e3b166c41e20eba7e74d9a9203a663cc455bc49.tar.gz qemu-2e3b166c41e20eba7e74d9a9203a663cc455bc49.tar.bz2 | |
qga: centralize logic for disabling/enabling commands
It is confusing having many different pieces of code enabling and
disabling commands, and it is not clear that they all have the same
semantics, especially wrt prioritization of the block/allow lists.
The code attempted to prevent the user from setting both the block
and allow lists concurrently, however, the logic was flawed as it
checked settings in the configuration file separately from the
command line arguments. Thus it was possible to set a block list
in the config file and an allow list via a command line argument.
The --dump-conf option also creates a configuration file with both
keys present, even if unset, which means it is creating a config
that cannot actually be loaded again.
Centralizing the code in a single method "ga_apply_command_filters"
will provide a strong guarantee of consistency and clarify the
intended behaviour. With this there is no compelling technical
reason to prevent concurrent setting of both the allow and block
lists, so this flawed restriction is removed.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Message-ID: <20240712132459.3974109-23-berrange@redhat.com>
Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/interop/qemu-ga.rst | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/docs/interop/qemu-ga.rst b/docs/interop/qemu-ga.rst index e42b370..fb75cfd 100644 --- a/docs/interop/qemu-ga.rst +++ b/docs/interop/qemu-ga.rst @@ -28,6 +28,20 @@ configuration options on the command line. For the same key, the last option wins, but the lists accumulate (see below for configuration file format). +If an allowed RPCs list is defined in the configuration, then all +RPCs will be blocked by default, except for the allowed list. + +If a blocked RPCs list is defined in the configuration, then all +RPCs will be allowed by default, except for the blocked list. + +If both allowed and blocked RPCs lists are defined in the configuration, +then all RPCs will be blocked by default, then the allowed list will +be applied, followed by the blocked list. + +While filesystems are frozen, all except for a designated safe set +of RPCs will blocked, regardless of what the general configuration +declares. + Options ------- |