[Libvir] [PATCH] About remote operation restrictions of a general user

Daniel Veillard veillard at redhat.com
Tue Apr 10 10:50:04 UTC 2007

On Tue, Apr 10, 2007 at 04:02:57PM +0900, S.Sakamoto wrote:
> Hi, Daniel
> Would you give me a comment on this model?
> If not, please apply this patch.
> > About virsh connect, I think as follows.
> > 
> > ==========================================================================
> > //Authorization model of a general user of now//
> > 
> >   *Local connection*                     *Remote connection*
> > 
> >      HV     |  Xen  | QEmu/KVM/etc          HV      |  Xen  | QEmu/KVM/etc
> >   ---------------------------------      ---------------------------------
> >   authority |  R/W  |     R/W            authority  |  R/O  |     R/W

  I don't see why you consider that currently a general user can open a R/W
Xen connection. This will fail. That's IMHO normal. A normal user must 
use the --readonly flag when connecting to Xen.
  For remote connections it really depends, if the administrator opened the
xend port then the remote access would be R/W so those two points looks
wrong to me.

  I still don't understand what you are trying to achieve. And I won't
apply any patch until I understand what you are trying to do, why, how
the patch work and what the side effects may be. I'm sorry if this is
annoying but this really must be done. You need to convince me on those
points, and so far I still block on the very early step:
   - what you are trying to achieve ?
   - why ?
Explain to me, possibly with example what the actual problem is. So far
I disagreed with what you exposed in your model, and I don't understand
what and how your patch is supposed to change things. Please explain,



Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard at redhat.com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/

More information about the libvir-list mailing list