[virt-tools-list] (PATCH) Give clone priv to group 'libvirtd'

Cole Robinson crobinso at redhat.com
Thu Dec 22 19:49:17 UTC 2011 

On 12/19/2011 03:40 AM, 莊承恩 wrote:
> Dear all:
> Â  Â It's my first time to give a patch.
> Â I've been trying to clone a virtual machine, where invoking the virt-clone
> from an Apache.
>  However, virt-clone give me such error 
> /
> $ virt-clone -o debian-test -n debian-test6 -f /home/xen/domains/debian-test6.img/
> /ERROR Â  Â Must be privileged to clone Xen guests/
> Â 
> Â I don't know if there are some serious concern about the clone priv,
> but more over, I really need to clone the VM without root priv,
> Â  As a result, Â I made a patch as following, which give the clove priv to
> group libvirtd. ; )
> 

Thanks for the patch. However not all distros have a libvirtd group so this
isn't a complete fix.

Frankly whether a user has privilege to clone a VM or not involves a lot of
different variables that the User module isn't considering. I've pushed a
change that just assumes if you already have an open connection then you are
likely to have permission to clone.

Fix upstream now, let me know if that's sufficient for you:

http://git.fedorahosted.org/git?p=python-virtinst.git;a=commit;h=9a8945ddeec7b0325ec6827f6cb61d53118e5fcd

- Cole

> --- a/virtinst/User.py
> +++ b/virtinst/User.py
> @@ -58,7 +58,10 @@ class User(object):
> Â  Â  Â  Â  Â  Â  Â is_xen = not conn or conn.lower()[0:3] == 'xen'
> Â  Â  Â  Â  Â  Â  Â if priv in [ self.PRIV_CLONE, self.PRIV_CREATE_DOMAIN ]:
> Â  Â  Â  Â  Â  Â  Â  Â  Â if is_xen:
> - Â  Â  Â  Â  Â  Â  Â  Â  Â  Â return self._euid == 0
> + Â  Â  Â  Â  Â  Â  Â  Â  Â  Â import grp, pwd
> + Â  Â  Â  Â  Â  Â  Â  Â  Â  Â virt_grps = grp.getgrnam("libvirtd")[3]
> + Â  Â  Â  Â  Â  Â  Â  Â  Â  Â usr_name = pwd.getpwuid(self._euid)[0]
> + Â  Â  Â  Â  Â  Â  Â  Â  Â  Â return self._euid == 0 or usr_name in virt_grps
> Â  Â  Â  Â  Â  Â  Â  Â  Â return True
> Â 
> Â  Â  Â  Â  Â  Â  Â return self._euid == 0
> 
> 
> -- 
> Best Regards,
> 莊承恩,
> Cheng-En, Chuang
> 
> 
> _______________________________________________
> virt-tools-list mailing list
> virt-tools-list at redhat.com
> https://www.redhat.com/mailman/listinfo/virt-tools-list

More information about the virt-tools-list mailing list