Re: [Libvir] [PATCH] About remote operation restrictions of a general user
On Tue, Apr 10, 2007 at 04:02:57PM +0900, S.Sakamoto wrote:
Hi, Daniel
Would you give me a comment on this model?
If not, please apply this patch.
> About virsh connect, I think as follows.
>
> ==========================================================================
> //Authorization model of a general user of now//
>
> *Local connection* *Remote connection*
>
> HV | Xen | QEmu/KVM/etc HV | Xen | QEmu/KVM/etc
> --------------------------------- ---------------------------------
> authority | R/W | R/W authority | R/O | R/W
I don't see why you consider that currently a general user can open a R/W
Xen connection. This will fail. That's IMHO normal. A normal user must
use the --readonly flag when connecting to Xen.
For remote connections it really depends, if the administrator opened the
xend port then the remote access would be R/W so those two points looks
wrong to me.
I still don't understand what you are trying to achieve. And I won't
apply any patch until I understand what you are trying to do, why, how
the patch work and what the side effects may be. I'm sorry if this is
annoying but this really must be done. You need to convince me on those
points, and so far I still block on the very early step:
- what you are trying to achieve ?
- why ?
Explain to me, possibly with example what the actual problem is. So far
I disagreed with what you exposed in your model, and I don't understand
what and how your patch is supposed to change things. Please explain,
thanks,
Daniel
--
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard | virtualization library http://libvirt.org/
veillard(a)redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/