[et-mgmt-tools] [PATCH] About remote operation restrictions of a general user

"S.Sakamoto" <fj0588di@xxxxxxxxxxxxxxxxx> · Wed, 4 Apr 2007 15:05:28 +0900

Hi

When I use virt-connect in a general user,
and a general user can perform operation system such as "start".

So, here's the patch adds to can't use operation system in "connect" in a general user.

Signed-off-by: Shigeki Sakamoto <fj0588di@xxxxxxxxxxxxxxxxx>


Thanks,
Shigeki Sakamoto.


Index: src/virsh.c
===================================================================
RCS file: /data/cvs/libvirt/src/virsh.c,v
retrieving revision 1.71
diff -u -p -r1.71 virsh.c

--- src/virsh.c	2 Apr 2007 11:56:38 -0000	1.71
+++ src/virsh.c	4 Apr 2007 05:51:08 -0000
@@ -360,6 +360,8 @@ static int
 cmdConnect(vshControl * ctl, vshCmd * cmd)
 {
     int ro = vshCommandOptBool(cmd, "readonly");
+    virDomainPtr dom;
+    char *ret;
 
     if (ctl->conn) {
         if (virConnectClose(ctl->conn) != 0) {
@@ -374,12 +376,25 @@ cmdConnect(vshControl * ctl, vshCmd * cm
         free(ctl->name);
     ctl->name = vshStrdup(ctl, vshCommandOptString(cmd, "name", NULL));
 
+    ctl->conn = virConnectOpenReadOnly(ctl->name);
+    ctl->readonly = 1;
+    if (!ro && ctl->uid != 0){
+        dom = virDomainLookupByID(ctl->conn, 0);
+        if (dom==NULL)
+            return FALSE;
+        ret = virDomainGetXMLDesc(dom, 0);
+        if (NULL != strstr(ret, "domain type='xen'"))
+            ro = 1;
+        free(ret);
+    }
     if (!ro) {
+        if (virConnectClose(ctl->conn) != 0) {
+            vshError(ctl, FALSE,
+                        _("Failed to disconnect from the hypervisor"));
+            return FALSE;
+        }
         ctl->conn = virConnectOpen(ctl->name);
         ctl->readonly = 0;
-    } else {
-        ctl->conn = virConnectOpenReadOnly(ctl->name);
-        ctl->readonly = 1;
     }
 
     if (!ctl->conn)
@@ -3175,6 +3190,9 @@ _vshStrdup(vshControl * ctl, const char 
 static int
 vshInit(vshControl * ctl)
 {
+    virDomainPtr dom;
+    char *ret;
+
     if (ctl->conn)
         return FALSE;
 
@@ -3188,8 +3206,26 @@ vshInit(vshControl * ctl)
          !strcasecmp(ctl->name, "xen")) && ctl->uid != 0)
          ctl->readonly = 1;
 
-    if (!ctl->readonly)
+    if (!ctl->readonly) {
         ctl->conn = virConnectOpen(ctl->name);
+
+        if (ctl->uid != 0){
+            dom = virDomainLookupByID(ctl->conn, 0);
+            if (dom==NULL)
+                return FALSE;
+            ret = virDomainGetXMLDesc(dom, 0);
+            if (NULL != strstr(ret, "domain type='xen'")) {
+                if (virConnectClose(ctl->conn) != 0) {
+                    vshError(ctl, FALSE,
+                             _("Failed to disconnect from the hypervisor"));
+                    return FALSE;
+                }
+                ctl->conn = virConnectOpenReadOnly(ctl->name);
+                ctl->readonly = 1;
+            }
+            free(ret);
+        }
+    }
     else
         ctl->conn = virConnectOpenReadOnly(ctl->name);
 





