[et-mgmt-tools] [PATCH] readOnly flags for virConnectOpenAuth

Daniel P. Berrange berrange at redhat.com
Wed Feb 20 13:05:22 UTC 2008 

On Wed, Feb 20, 2008 at 05:02:56PM +0900, Saori Fukuta wrote:
> Hello,
> 
> I cannot connect to localhost Xen with non-root user. The virt-manager
> says the following message,
>   Unable to open connection to hypervisor URI 'xen:///':
>   <class 'libvirt.libvirtError'> virConnectOpenAuth() failed
>   Traceback (most recent call last):
>     File "/usr/share/virt-manager/virtManager/connection.py", line 414, in _open_thread 
>       None], flags)
>     File "/usr/lib/python2.5/site-packages/libvirt.py", line 94, in openAuth
>       if ret is None:raise libvirtError('virConnectOpenAuth() failed')
>   libvirtError: virConnectOpenAuth() failed
> 
> I guess this problem occurs from Cset:680
> http://hg.et.redhat.com/virt/applications/virt-manager--devel?cs=1892867ca5c7
> 
> Before that Cset, connection was able to succeed since the virt-manager
> tried to connect with libvirt.openReadOnly after failed to libvirt.open,
> even if 'self.readOnly' was None.
> After that Cset, 'flags' for libvirt.openAuth depend on 'self.readOnly'
> though 'self.readOnly' is never set.

This is intentional - virt-manager will authenticate with libvirt when 
attempting to connect, so it gets a full read-write connection. In Fedora 8
or later (or any distro with PolicyKit available) this should 'just work'
with you being prompted for password.

> I'm not sure where the readOnly flags should be set, but how about
> this fix for readOnly flags ?

Yes & no - we must only try a read-only connection if we are connecting
to a local hypervisor, and don't have PolicyKit available. This change
makes all connections read only, even remote ones, which is too mcuh.

> ---
> diff -r 07ff9bffe54d src/virtManager/connection.py
> --- a/src/virtManager/connection.py     Mon Feb 18 10:02:21 2008 -0500
> +++ b/src/virtManager/connection.py     Wed Feb 20 17:00:41 2008 +0900
> @@ -403,8 +403,9 @@ class vmmConnection(gobject.GObject):
>          logging.debug("Background thread is running")
>          try:
>              flags = 0
> -            if self.readOnly:
> +            if os.getuid() != 0:
>                  flags = libvirt.VIR_CONNECT_RO
> +                self.readOnly = True
> 
>              self.vmm = libvirt.openAuth(self.uri,
>                                          [[libvirt.VIR_CRED_AUTHNAME,


Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=|

More information about the et-mgmt-tools mailing list