[Libvir] [PATCH] About remote operation restrictions of a general user

S.Sakamoto fj0588di at aa.jp.fujitsu.com
Thu Apr 12 05:14:37 UTC 2007 

Hi, Daniel

Sorry, I think that explanation was not enough...


About "virsh connect" of Xen:

When a general user has access to remote,
he can't carry out a command of "virsh --connect xen start <domain>",
but, he can carry out a command of "virsh --connect http://10.xx.xx.xx:8000 start <domain>".
(What is a kind of Hypervisor? not judge it to be it.Therefore this is not ReadOnly.
 "virsh.c - vshInit" decides "R/O" or "R/W" by the result that judged a kind of Hypervisor to be it.)

I think that it is a problem that a general user can carry out command (e.g."start","destroy").


So, I make the patch which prevented remote control using the following problem.


   1)in general user
     # virsh destroy <domain>
       operation virDomainCreate forbidden for read only access        -- I agree with this behavior
     # virsh --conexct xen destory <domain>
       operation virDomainCreate forbidden for read only access        -- I agree with this behavior
     # virsh --conect http://10.xx.xx.xx:8000 destroy <domain>
    <domain> was destory ...        -- I think that this behavior is a problem

   2)in root user
     # virsh destroy <domain>
       <domain> was destory ...        -- I agree with this behavior
     # virsh --conexct xen destory <domain>
       <domain> was destory ...        -- I agree with this behavior
     # virsh --conect http://10.xx.xx.xx:8000 destroy <domain>
       <domain> was destory ...        -- I agree with this behavior


Thanks,
Shigeki Sakamoto.


>  I don't see why you consider that currently a general user can open a R/W
>Xen connection. This will fail. That's IMHO normal. A normal user must 
>use the --readonly flag when connecting to Xen.
>  For remote connections it really depends, if the administrator opened the
>xend port then the remote access would be R/W so those two points looks
>wrong to me.
>
>  I still don't understand what you are trying to achieve. And I won't
>apply any patch until I understand what you are trying to do, why, how
>the patch work and what the side effects may be. I'm sorry if this is
>annoying but this really must be done. You need to convince me on those
>points, and so far I still block on the very early step:
>   - what you are trying to achieve ?
>   - why ?
>Explain to me, possibly with example what the actual problem is. So far
>I disagreed with what you exposed in your model, and I don't understand
>what and how your patch is supposed to change things. Please explain,
>
>  thanks,
>
>Daniel

More information about the libvir-list mailing list