[PATCH] add global --readonly flag to virsh

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The current vshInit function in virsh tries some dodgy heuristics to see if it should connect readonly or read/write to the hypervisor. Unfortunately these heuristics fail, eg. when you have a root-owned system-wide qemud, and a user trying to run virsh as non-root.
This patch removes the heuristics and replaces them with a simple -r | --readonly flag on the command line. If omitted, we try to connect read/write, otherwise we try to connect readonly.
Note that this doesn't affect the "connect" command in the shell, which still has its own --readonly flag that is completely separate from this new global flag. 

Rich.

diff --git a/src/virsh.c b/src/virsh.c
index 90030a8..5200c3d 100644
--- a/src/virsh.c
+++ b/src/virsh.c
@@ -171,6 +171,9 @@ typedef struct __vshControl {
     int quiet;                  /* quiet mode */
     int debug;                  /* print debug messages? */
     int timing;                 /* print timing info? */
+    int readonly;               /* connect readonly (first time only, not
+                                 * during explicit connect command)
+                                 */
 } __vshControl;
 
 
@@ -3124,12 +3127,7 @@ vshInit(vshControl * ctl)
     /* set up the library error handler */
     virSetErrorFunc(NULL, virshErrorHandler);
 
-    /* basic connection to hypervisor, for Xen connections unless
-       we're root open a read only connections. Allow 'test' HV
-       to be RW all the time though */
-    if (ctl->uid == 0 || (ctl->name && 
-			  (!strncmp(ctl->name, "test", 4) ||
-			   !strncmp(ctl->name, "qemu", 4))))
+    if (!ctl->readonly)
         ctl->conn = virConnectOpen(ctl->name);
     else
         ctl->conn = virConnectOpenReadOnly(ctl->name);
@@ -3286,6 +3284,7 @@ vshUsage(vshControl * ctl, const char *cmdname)
         fprintf(stdout, _("\n%s [options] [commands]\n\n"
                           "  options:\n"
                           "    -c | --connect <uri>    hypervisor connection URI\n"
+                          "    -r | --readonly         connect readonly\n"
                           "    -d | --debug <num>      debug level [0-5]\n"
                           "    -h | --help             this help\n"
                           "    -q | --quiet            quiet mode\n"
@@ -3323,6 +3322,7 @@ vshParseArgv(vshControl * ctl, int argc, char **argv)
         {"timing", 0, 0, 't'},
         {"version", 0, 0, 'v'},
         {"connect", 1, 0, 'c'},
+        {"readonly", 0, 0, 'r'},
         {0, 0, 0, 0}
     };
 
@@ -3365,7 +3365,7 @@ vshParseArgv(vshControl * ctl, int argc, char **argv)
     end = end ? : argc;
 
     /* standard (non-command) options */
-    while ((arg = getopt_long(end, argv, "d:hqtc:v", opt, &idx)) != -1) {
+    while ((arg = getopt_long(end, argv, "d:hqtc:vr", opt, &idx)) != -1) {
         switch (arg) {
         case 'd':
             ctl->debug = atoi(optarg);
@@ -3385,6 +3385,9 @@ vshParseArgv(vshControl * ctl, int argc, char **argv)
         case 'v':
             fprintf(stdout, "%s\n", VERSION);
             exit(EXIT_SUCCESS);
+        case 'r':
+            ctl->readonly = TRUE;
+            break;
         default:
             vshError(ctl, TRUE,
                      _("unsupported option '-%c'. See --help."), arg);
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]