[Libvir] PATCH: Don't make connection read-only when non-root
The virsh commands has long forced the connection to be read-only if running as non-root. This is bogus because it is perfectly capable of authenticating full read-write connections as non-root since we gained kerberos/policykit support. The user can always use the explicit --readonly flag if they only want a read only connection Dan. Index: src/virsh.c =================================================================== RCS file: /data/cvs/libvirt/src/virsh.c,v retrieving revision 1.135 diff -r1.135 virsh.c 6048,6054d6047 < #ifndef __MINGW32__ < /* Force a non-root, Xen connection to readonly */ < if ((ctl->name == NULL || < !strcasecmp(ctl->name, "xen")) && ctl->uid != 0) < ctl->readonly = 1; < #endif < -- |: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
On Sun, Mar 09, 2008 at 09:05:02PM +0000, Daniel P. Berrange wrote:
The virsh commands has long forced the connection to be read-only if running as non-root. This is bogus because it is perfectly capable of authenticating full read-write connections as non-root since we gained kerberos/policykit support. The user can always use the explicit --readonly flag if they only want a read only connection
Dan.
Index: src/virsh.c =================================================================== RCS file: /data/cvs/libvirt/src/virsh.c,v retrieving revision 1.135 diff -r1.135 virsh.c 6048,6054d6047 < #ifndef __MINGW32__ < /* Force a non-root, Xen connection to readonly */ < if ((ctl->name == NULL || < !strcasecmp(ctl->name, "xen")) && ctl->uid != 0) < ctl->readonly = 1; < #endif
Yes. I was tempted to just remove this bogosity before but instead I just patched it out for Windows. Rich. -- Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones virt-p2v converts physical machines to virtual machines. Boot with a live CD or over the network (PXE) and turn machines into Xen guests. http://et.redhat.com/~rjones/virt-p2v
On Mon, Mar 10, 2008 at 11:49:54AM +0000, Richard W.M. Jones wrote:
On Sun, Mar 09, 2008 at 09:05:02PM +0000, Daniel P. Berrange wrote:
The virsh commands has long forced the connection to be read-only if running as non-root. This is bogus because it is perfectly capable of authenticating full read-write connections as non-root since we gained kerberos/policykit support. The user can always use the explicit --readonly flag if they only want a read only connection
Dan.
Index: src/virsh.c =================================================================== RCS file: /data/cvs/libvirt/src/virsh.c,v retrieving revision 1.135 diff -r1.135 virsh.c 6048,6054d6047 < #ifndef __MINGW32__ < /* Force a non-root, Xen connection to readonly */ < if ((ctl->name == NULL || < !strcasecmp(ctl->name, "xen")) && ctl->uid != 0) < ctl->readonly = 1; < #endif
Yes. I was tempted to just remove this bogosity before but instead I just patched it out for Windows.
okay Daniel -- Red Hat Virtualization group http://redhat.com/virtualization/ Daniel Veillard | virtualization library http://libvirt.org/ veillard@redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
participants (3)
-
Daniel P. Berrange -
Daniel Veillard -
Richard W.M. Jones