[et-mgmt-tools] Bogus heuristics in virt-manager

[Soren Hansen]

Hi!

I've run into a very annoying issue in virt-manager.

I primarily use libvirt to manage kvm sessions at qemu:///system. I do
this as my regular user on my system (I have write access to the
appropriate libvirtd socket). If I hand craft the XML describing my
virtual machine, I can connect to virtual networks, bridge onto the
existing LAN, etc. I can also set up new virtual networks and basically
anything else that root can do. However, virt-manager still treats me as
a lowly user with no particular privileges. This is because
virt-manager's code is full of (os.getuid() == 0) checks, which in my
case are completely wrong.

I see a few solutions to this:

a) Clean up all these calls and replace them with a
"can_do_fancy_stuff(con)" call and add the necessary logic to that new
function.

b) Move the logic to libvirt and provide a
virConnectIsPrivileged(virConnectPtr *) function that does basically the
same thing.

c) Take a more granular approach to b) and provide a way to query if
specific tasks can be done through the given connection.



a) Is quite easy. I could probably have that done in no more than a few
hours.  b) is almost as easy to do, but I'm not sure if all the existing (or
future) vm types have such a simple model (either you can do only basic
stuff, or you can do everything). c) smells like the right way to do it,
takes slightly longer, but should be relatively future proof.

-- 
Soren Hansen
Ubuntu Server Team
http://www.ubuntu.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/et-mgmt-tools/attachments/20080109/38c16c74/attachment.sig>