[et-mgmt-tools] [PATCH] readOnly flags for virConnectOpenAuth
Daniel P. Berrange
berrange at redhat.com
Wed Feb 20 13:05:22 UTC 2008
On Wed, Feb 20, 2008 at 05:02:56PM +0900, Saori Fukuta wrote:
> Hello,
>
> I cannot connect to localhost Xen with non-root user. The virt-manager
> says the following message,
> Unable to open connection to hypervisor URI 'xen:///':
> <class 'libvirt.libvirtError'> virConnectOpenAuth() failed
> Traceback (most recent call last):
> File "/usr/share/virt-manager/virtManager/connection.py", line 414, in _open_thread
> None], flags)
> File "/usr/lib/python2.5/site-packages/libvirt.py", line 94, in openAuth
> if ret is None:raise libvirtError('virConnectOpenAuth() failed')
> libvirtError: virConnectOpenAuth() failed
>
> I guess this problem occurs from Cset:680
> http://hg.et.redhat.com/virt/applications/virt-manager--devel?cs=1892867ca5c7
>
> Before that Cset, connection was able to succeed since the virt-manager
> tried to connect with libvirt.openReadOnly after failed to libvirt.open,
> even if 'self.readOnly' was None.
> After that Cset, 'flags' for libvirt.openAuth depend on 'self.readOnly'
> though 'self.readOnly' is never set.
This is intentional - virt-manager will authenticate with libvirt when
attempting to connect, so it gets a full read-write connection. In Fedora 8
or later (or any distro with PolicyKit available) this should 'just work'
with you being prompted for password.
> I'm not sure where the readOnly flags should be set, but how about
> this fix for readOnly flags ?
Yes & no - we must only try a read-only connection if we are connecting
to a local hypervisor, and don't have PolicyKit available. This change
makes all connections read only, even remote ones, which is too mcuh.
> ---
> diff -r 07ff9bffe54d src/virtManager/connection.py
> --- a/src/virtManager/connection.py Mon Feb 18 10:02:21 2008 -0500
> +++ b/src/virtManager/connection.py Wed Feb 20 17:00:41 2008 +0900
> @@ -403,8 +403,9 @@ class vmmConnection(gobject.GObject):
> logging.debug("Background thread is running")
> try:
> flags = 0
> - if self.readOnly:
> + if os.getuid() != 0:
> flags = libvirt.VIR_CONNECT_RO
> + self.readOnly = True
>
> self.vmm = libvirt.openAuth(self.uri,
> [[libvirt.VIR_CRED_AUTHNAME,
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
More information about the et-mgmt-tools
mailing list