Hi, Daniel Sorry, I think that explanation was not enough... About "virsh connect" of Xen: When a general user has access to remote, he can't carry out a command of "virsh --connect xen start <domain>", but, he can carry out a command of "virsh --connect http://10.xx.xx.xx:8000 start <domain>". (What is a kind of Hypervisor? not judge it to be it.Therefore this is not ReadOnly. "virsh.c - vshInit" decides "R/O" or "R/W" by the result that judged a kind of Hypervisor to be it.) I think that it is a problem that a general user can carry out command (e.g."start","destroy"). So, I make the patch which prevented remote control using the following problem. 1)in general user # virsh destroy <domain> operation virDomainCreate forbidden for read only access -- I agree with this behavior # virsh --conexct xen destory <domain> operation virDomainCreate forbidden for read only access -- I agree with this behavior # virsh --conect http://10.xx.xx.xx:8000 destroy <domain> <domain> was destory ... -- I think that this behavior is a problem 2)in root user # virsh destroy <domain> <domain> was destory ... -- I agree with this behavior # virsh --conexct xen destory <domain> <domain> was destory ... -- I agree with this behavior # virsh --conect http://10.xx.xx.xx:8000 destroy <domain> <domain> was destory ... -- I agree with this behavior Thanks, Shigeki Sakamoto.
I don't see why you consider that currently a general user can open a R/W Xen connection. This will fail. That's IMHO normal. A normal user must use the --readonly flag when connecting to Xen. For remote connections it really depends, if the administrator opened the xend port then the remote access would be R/W so those two points looks wrong to me.
I still don't understand what you are trying to achieve. And I won't apply any patch until I understand what you are trying to do, why, how the patch work and what the side effects may be. I'm sorry if this is annoying but this really must be done. You need to convince me on those points, and so far I still block on the very early step: - what you are trying to achieve ? - why ? Explain to me, possibly with example what the actual problem is. So far I disagreed with what you exposed in your model, and I don't understand what and how your patch is supposed to change things. Please explain,
thanks,
Daniel