[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libvir] [PATCH] add global --readonly flag to virsh



On Mon, Mar 05, 2007 at 05:22:28PM +0000, Richard W.M. Jones wrote:
> The current vshInit function in virsh tries some dodgy heuristics to see 
> if it should connect readonly or read/write to the hypervisor. 
> Unfortunately these heuristics fail, eg. when you have a root-owned 
> system-wide qemud, and a user trying to run virsh as non-root.
> 
> This patch removes the heuristics and replaces them with a simple -r | 
> --readonly flag on the command line.  If omitted, we try to connect 
> read/write, otherwise we try to connect readonly.

I like this patch, but I don't think we can apply it in exactly the
form it is now. There may well be people already using virsh in a
non-root context with Xen, and this will break them requiring them
to add a --readonly arg in. I think we should add the explicit
--readonly flag patch attached, but also put in a simplified 
heuristic for the Xen non-root case. I'd think I'd add in a snippet 
of code looking like:

    if (ctl->uid != 0 && (ctl->name == NULL || 
                          !strcmp(ctl->name, "Xen"))
        ctl->readonly = TRUE;

If people agree, I'll apply Rich's patch with this addition ?

Regards,
Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]