[Libvir] [PATCH] About remote operation restrictions of a general user

Hi When I use virt-connect in a general user, and a general user can perform operation system such as "start". So, here's the patch adds to can't use operation system in "connect" in a general user. Signed-off-by: Shigeki Sakamoto <fj0588di(a)aa.jp.fujitsu.com&gt; Thanks, Shigeki Sakamoto. Index: src/virsh.c =================================================================== RCS file: /data/cvs/libvirt/src/virsh.c,v retrieving revision 1.71 diff -u -p -r1.71 virsh.c --- src/virsh.c 2 Apr 2007 11:56:38 -0000 1.71 +++ src/virsh.c 4 Apr 2007 05:51:08 -0000 @@ -360,6 +360,8 @@ static int cmdConnect(vshControl * ctl, vshCmd * cmd) { int ro = vshCommandOptBool(cmd, "readonly"); + virDomainPtr dom; + char *ret; if (ctl->conn) { if (virConnectClose(ctl->conn) != 0) { @@ -374,12 +376,25 @@ cmdConnect(vshControl * ctl, vshCmd * cm free(ctl->name); ctl->name = vshStrdup(ctl, vshCommandOptString(cmd, "name", NULL)); + ctl->conn = virConnectOpenReadOnly(ctl->name); + ctl->readonly = 1; + if (!ro && ctl->uid != 0){ + dom = virDomainLookupByID(ctl->conn, 0); + if (dom==NULL) + return FALSE; + ret = virDomainGetXMLDesc(dom, 0); + if (NULL != strstr(ret, "domain type='xen'")) + ro = 1; + free(ret); + } if (!ro) { + if (virConnectClose(ctl->conn) != 0) { + vshError(ctl, FALSE, + _("Failed to disconnect from the hypervisor")); + return FALSE; + } ctl->conn = virConnectOpen(ctl->name); ctl->readonly = 0; - } else { - ctl->conn = virConnectOpenReadOnly(ctl->name); - ctl->readonly = 1; } if (!ctl->conn) @@ -3175,6 +3190,9 @@ _vshStrdup(vshControl * ctl, const char static int vshInit(vshControl * ctl) { + virDomainPtr dom; + char *ret; + if (ctl->conn) return FALSE; @@ -3188,8 +3206,26 @@ vshInit(vshControl * ctl) !strcasecmp(ctl->name, "xen")) && ctl->uid != 0) ctl->readonly = 1; - if (!ctl->readonly) + if (!ctl->readonly) { ctl->conn = virConnectOpen(ctl->name); + + if (ctl->uid != 0){ + dom = virDomainLookupByID(ctl->conn, 0); + if (dom==NULL) + return FALSE; + ret = virDomainGetXMLDesc(dom, 0); + if (NULL != strstr(ret, "domain type='xen'")) { + if (virConnectClose(ctl->conn) != 0) { + vshError(ctl, FALSE, + _("Failed to disconnect from the hypervisor")); + return FALSE; + } + ctl->conn = virConnectOpenReadOnly(ctl->name); + ctl->readonly = 1; + } + free(ret); + } + } else ctl->conn = virConnectOpenReadOnly(ctl->name);