[et-mgmt-tools] [PATCH] readOnly flags for virConnectOpenAuth
Saori Fukuta
fukuta.saori at jp.fujitsu.com
Fri Feb 22 05:19:17 UTC 2008
On Wed, 20 Feb 2008 13:05:22 +0000 "Daniel P. Berrange" wrote:
> On Wed, Feb 20, 2008 at 05:02:56PM +0900, Saori Fukuta wrote:
> > I guess this problem occurs from Cset:680
> > http://hg.et.redhat.com/virt/applications/virt-manager--devel?cs=1892867ca5c7
>
> This is intentional - virt-manager will authenticate with libvirt when
> attempting to connect, so it gets a full read-write connection. In Fedora 8
> or later (or any distro with PolicyKit available) this should 'just work'
> with you being prompted for password.
>
> > I'm not sure where the readOnly flags should be set, but how about
> > this fix for readOnly flags ?
>
> Yes & no - we must only try a read-only connection if we are connecting
> to a local hypervisor, and don't have PolicyKit available. This change
> makes all connections read only, even remote ones, which is too mcuh.
Okey, I understand the intention and I re-work to set the read-only
flag under the following conditions,
- destination is a local hypervisor,
(i.e. including "///" in URI)
- user is a non-root user,
(i.e. uid is not "0")
- PolicyKit is not available with libvirt,
(i.e. "/usr/share/PolicyKit/policy/libvirtd.policy" has not
been created by libvirt)
Could you check the attached patch ?
Thanks,
Saori Fukuta
-------------- next part --------------
A non-text attachment was scrubbed...
Name: set_readOnly.patch
Type: application/octet-stream
Size: 1150 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/et-mgmt-tools/attachments/20080222/29e2a80e/attachment.obj>
More information about the et-mgmt-tools
mailing list