Re: [Libvir] [PATCH] About remote operation restrictions of a general user

Hi, Daniel Sorry, I think that explanation was not enough... About "virsh connect" of Xen: When a general user has access to remote, he can't carry out a command of "virsh --connect xen start <domain>", but, he can carry out a command of "virsh --connect http://10.xx.xx.xx:8000 start <domain>". (What is a kind of Hypervisor? not judge it to be it.Therefore this is not ReadOnly. "virsh.c - vshInit" decides "R/O" or "R/W" by the result that judged a kind of Hypervisor to be it.) I think that it is a problem that a general user can carry out command (e.g."start","destroy"). So, I make the patch which prevented remote control using the following problem. 1)in general user # virsh destroy <domain> operation virDomainCreate forbidden for read only access -- I agree with this behavior # virsh --conexct xen destory <domain> operation virDomainCreate forbidden for read only access -- I agree with this behavior # virsh --conect http://10.xx.xx.xx:8000 destroy <domain> 　　 　<domain> was destory ... -- I think that this behavior is a problem 2)in root user # virsh destroy <domain> <domain> was destory ... -- I agree with this behavior # virsh --conexct xen destory <domain> <domain> was destory ... -- I agree with this behavior # virsh --conect http://10.xx.xx.xx:8000 destroy <domain> <domain> was destory ... -- I agree with this behavior Thanks, Shigeki Sakamoto.