11:22 a.m.
The current vshInit function in virsh tries some dodgy heuristics to see
if it should connect readonly or read/write to the hypervisor.
Unfortunately these heuristics fail, eg. when you have a root-owned
system-wide qemud, and a user trying to run virsh as non-root.
This patch removes the heuristics and replaces them with a simple -r |
--readonly flag on the command line. If omitted, we try to connect
read/write, otherwise we try to connect readonly.
Note that this doesn't affect the "connect" command in the shell, which
still has its own --readonly flag that is completely separate from this
new global flag.
Rich.
11:01 a.m.
On Mon, Mar 05, 2007 at 05:22:28PM +0000, Richard W.M. Jones wrote:
The current vshInit function in virsh tries some dodgy heuristics to
see
if it should connect readonly or read/write to the hypervisor.
Unfortunately these heuristics fail, eg. when you have a root-owned
system-wide qemud, and a user trying to run virsh as non-root.
This patch removes the heuristics and replaces them with a simple -r |
--readonly flag on the command line. If omitted, we try to connect
read/write, otherwise we try to connect readonly.
I like this patch, but I don't think we can apply it in exactly the
form it is now. There may well be people already using virsh in a
non-root context with Xen, and this will break them requiring them
to add a --readonly arg in. I think we should add the explicit
--readonly flag patch attached, but also put in a simplified
heuristic for the Xen non-root case. I'd think I'd add in a snippet
of code looking like:
if (ctl->uid != 0 && (ctl->name == NULL ||
!strcmp(ctl->name, "Xen"))
ctl->readonly = TRUE;
If people agree, I'll apply Rich's patch with this addition ?
Regards,
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
11:16 a.m.
Daniel P. Berrange wrote:
On Mon, Mar 05, 2007 at 05:22:28PM +0000, Richard W.M. Jones wrote:
> The current vshInit function in virsh tries some dodgy heuristics to see
> if it should connect readonly or read/write to the hypervisor.
> Unfortunately these heuristics fail, eg. when you have a root-owned
> system-wide qemud, and a user trying to run virsh as non-root.
>
> This patch removes the heuristics and replaces them with a simple -r |
> --readonly flag on the command line. If omitted, we try to connect
> read/write, otherwise we try to connect readonly.
I like this patch, but I don't think we can apply it in exactly the
form it is now. There may well be people already using virsh in a
non-root context with Xen, and this will break them requiring them
to add a --readonly arg in. I think we should add the explicit
--readonly flag patch attached, but also put in a simplified
heuristic for the Xen non-root case. I'd think I'd add in a snippet
of code looking like:
if (ctl->uid != 0 && (ctl->name == NULL ||
!strcmp(ctl->name, "Xen"))
ctl->readonly = TRUE;
If people agree, I'll apply Rich's patch with this addition ?
Agreed, unless we want an explicit --readwrite to override this
heuristic :-)
Rich.
--
Emerging Technologies, Red Hat http://et.redhat.com/~rjones/
64 Baker Street, London, W1U 7DF Mobile: +44 7866 314 421
"[Negative numbers] darken the very whole doctrines of the equations
and make dark of the things which are in their nature excessively
obvious and simple" (Francis Maseres FRS, mathematician, 1759)
6472
days inactive
6473
days old
2 comments
2 participants
participants (2)
-
Daniel P. Berrange -
Richard W.M. Jones