[PATCH 09/24] maint: improve VIR_ERR_OPERATION_DENIED usage

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Some of our operation denied messages are outright stupid; for
example, if virIdentitySetAttr fails:

error: operation Identity attribute is already set forbidden for read only access

This patch fixes things to a saner:

error: operation forbidden: Identity attribute is already set

It also consolidates the most common usage pattern for operation
denied errors: read-only connections preventing a public API.  In
this case, 'virsh -r -c test:///default destroy test' changes from:

error: operation virDomainDestroy forbidden for read only access

to:

error: operation forbidden: read only access prevents virDomainDestroy

* src/util/virerror.c (virErrorMsg): Rework OPERATION_DENIED error
message.
* src/internal.h (virCheckReadOnlyGoto): New macro.
* src/util/virerror.h (virReportRestrictedError): New macro.
* src/libvirt-lxc.c: Use new macros.
* src/libvirt-qemu.c: Likewise.
* src/libvirt.c: Likewise.
* src/locking/lock_daemon.c (virLockDaemonClientNew): Likewise.

Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
---
 src/internal.h            |   9 +
 src/libvirt-lxc.c         |   6 +-
 src/libvirt-qemu.c        |  16 +-
 src/libvirt.c             | 748 +++++++++-------------------------------------
 src/locking/lock_daemon.c |  16 +-
 src/util/virerror.c       |   2 +-
 src/util/virerror.h       |   3 +
 7 files changed, 172 insertions(+), 628 deletions(-)

diff --git a/src/internal.h b/src/internal.h
index c90c83f..9b9bcc3 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -350,6 +350,15 @@
             goto label;                                 \
         }                                               \
     } while (0)
+# define virCheckReadOnlyGoto(flags, label)                             \
+    do {                                                                \
+        if ((flags) & VIR_CONNECT_RO) {                                 \
+            virReportRestrictedError(_("read only access prevents %s"), \
+                                     __FUNCTION__);                     \
+            goto label;                                                 \
+        }                                                               \
+    } while (0)
+


 /* divide value by size, rounding up */
diff --git a/src/libvirt-lxc.c b/src/libvirt-lxc.c
index 5bf5f56..fc56a58 100644
--- a/src/libvirt-lxc.c
+++ b/src/libvirt-lxc.c
@@ -83,11 +83,7 @@ virDomainLxcOpenNamespace(virDomainPtr domain,
     conn = domain->conn;

     virCheckNonNullArgGoto(fdlist, error);
-
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->domainLxcOpenNamespace) {
         int ret;
diff --git a/src/libvirt-qemu.c b/src/libvirt-qemu.c
index 79486fd..4aaff39 100644
--- a/src/libvirt-qemu.c
+++ b/src/libvirt-qemu.c
@@ -90,11 +90,7 @@ virDomainQemuMonitorCommand(virDomainPtr domain, const char *cmd,
     conn = domain->conn;

     virCheckNonNullArgGoto(result, error);
-
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->domainQemuMonitorCommand) {
         int ret;
@@ -167,10 +163,7 @@ virDomainQemuAttach(virConnectPtr conn,
         goto error;
     }

-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->domainQemuAttach) {
         virDomainPtr ret;
@@ -229,10 +222,7 @@ virDomainQemuAgentCommand(virDomainPtr domain,

     conn = domain->conn;

-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->domainQemuAgentCommand) {
         ret = conn->driver->domainQemuAgentCommand(domain, cmd,
diff --git a/src/libvirt.c b/src/libvirt.c
index 693adbf..6d1601f 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -2012,10 +2012,7 @@ virDomainCreateXML(virConnectPtr conn, const char *xmlDesc,
         return NULL;
     }
     virCheckNonNullArgGoto(xmlDesc, error);
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->domainCreateXML) {
         virDomainPtr ret;
@@ -2084,10 +2081,7 @@ virDomainCreateXMLWithFiles(virConnectPtr conn, const char *xmlDesc,
         return NULL;
     }
     virCheckNonNullArgGoto(xmlDesc, error);
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->domainCreateXMLWithFiles) {
         virDomainPtr ret;
@@ -2328,10 +2322,7 @@ virDomainDestroy(virDomainPtr domain)
     }

     conn = domain->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->domainDestroy) {
         int ret;
@@ -2395,10 +2386,7 @@ virDomainDestroyFlags(virDomainPtr domain,
     }

     conn = domain->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->domainDestroyFlags) {
         int ret;
@@ -2505,10 +2493,7 @@ virDomainSuspend(virDomainPtr domain)
         virDispatchError(NULL);
         return -1;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     conn = domain->conn;

@@ -2554,10 +2539,7 @@ virDomainResume(virDomainPtr domain)
         virDispatchError(NULL);
         return -1;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     conn = domain->conn;

@@ -2624,10 +2606,7 @@ virDomainPMSuspendForDuration(virDomainPtr dom,

     conn = dom->conn;

-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->domainPMSuspendForDuration) {
         int ret;
@@ -2676,10 +2655,7 @@ virDomainPMWakeup(virDomainPtr dom,

     conn = dom->conn;

-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->domainPMWakeup) {
         int ret;
@@ -2727,10 +2703,7 @@ virDomainSave(virDomainPtr domain, const char *to)
         virDispatchError(NULL);
         return -1;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);
     conn = domain->conn;
     virCheckNonNullArgGoto(to, error);

@@ -2817,10 +2790,7 @@ virDomainSaveFlags(virDomainPtr domain, const char *to,
         virDispatchError(NULL);
         return -1;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);
     conn = domain->conn;
     virCheckNonNullArgGoto(to, error);

@@ -2881,10 +2851,7 @@ virDomainRestore(virConnectPtr conn, const char *from)
         virDispatchError(NULL);
         return -1;
     }
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);
     virCheckNonNullArgGoto(from, error);

     if (conn->driver->domainRestore) {
@@ -2958,10 +2925,7 @@ virDomainRestoreFlags(virConnectPtr conn, const char *from, const char *dxml,
         virDispatchError(NULL);
         return -1;
     }
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);
     virCheckNonNullArgGoto(from, error);

     if ((flags & VIR_DOMAIN_SAVE_RUNNING) && (flags & VIR_DOMAIN_SAVE_PAUSED)) {
@@ -3108,10 +3072,7 @@ virDomainSaveImageDefineXML(virConnectPtr conn, const char *file,
         virDispatchError(NULL);
         return -1;
     }
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);
     virCheckNonNullArgGoto(file, error);
     virCheckNonNullArgGoto(dxml, error);

@@ -3189,10 +3150,7 @@ virDomainCoreDump(virDomainPtr domain, const char *to, unsigned int flags)
         virDispatchError(NULL);
         return -1;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);
     conn = domain->conn;
     virCheckNonNullArgGoto(to, error);

@@ -3284,11 +3242,7 @@ virDomainScreenshot(virDomainPtr domain,
         virLibConnError(VIR_ERR_INVALID_STREAM, __FUNCTION__);
         return NULL;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO ||
-        stream->conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags | stream->conn->flags, error);

     if (domain->conn->driver->domainScreenshot) {
         char * ret;
@@ -3342,10 +3296,7 @@ virDomainShutdown(virDomainPtr domain)
         virDispatchError(NULL);
         return -1;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     conn = domain->conn;

@@ -3406,10 +3357,7 @@ virDomainShutdownFlags(virDomainPtr domain, unsigned int flags)
         virDispatchError(NULL);
         return -1;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     conn = domain->conn;

@@ -3471,10 +3419,7 @@ virDomainReboot(virDomainPtr domain, unsigned int flags)
         virDispatchError(NULL);
         return -1;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     conn = domain->conn;

@@ -3522,10 +3467,7 @@ virDomainReset(virDomainPtr domain, unsigned int flags)
         virDispatchError(NULL);
         return -1;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     conn = domain->conn;

@@ -3781,10 +3723,7 @@ virDomainSetMaxMemory(virDomainPtr domain, unsigned long memory)
         virDispatchError(NULL);
         return -1;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);
     virCheckNonZeroArgGoto(memory, error);

     conn = domain->conn;
@@ -3834,10 +3773,7 @@ virDomainSetMemory(virDomainPtr domain, unsigned long memory)
         virDispatchError(NULL);
         return -1;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);
     virCheckNonZeroArgGoto(memory, error);

     conn = domain->conn;
@@ -3899,10 +3835,7 @@ virDomainSetMemoryFlags(virDomainPtr domain, unsigned long memory,
         return -1;
     }

-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);
     virCheckNonZeroArgGoto(memory, error);

     conn = domain->conn;
@@ -3961,10 +3894,7 @@ virDomainSetMemoryStatsPeriod(virDomainPtr domain, int period,
         return -1;
     }

-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     /* This must be positive to set the balloon collection period */
     virCheckNonNegativeArgGoto(period, error);
@@ -4060,10 +3990,7 @@ virDomainSetMemoryParameters(virDomainPtr domain,
         virDispatchError(NULL);
         return -1;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);
     virCheckNonNullArgGoto(params, error);
     virCheckPositiveArgGoto(nparams, error);

@@ -4205,10 +4132,7 @@ virDomainSetNumaParameters(virDomainPtr domain,
         virDispatchError(NULL);
         return -1;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);
     virCheckNonNullArgGoto(params, error);
     virCheckPositiveArgGoto(nparams, error);
     if (virTypedParameterValidateSet(domain->conn, params, nparams) < 0)
@@ -4334,10 +4258,7 @@ virDomainSetBlkioParameters(virDomainPtr domain,
         virDispatchError(NULL);
         return -1;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);
     virCheckNonNullArgGoto(params, error);
     virCheckNonNegativeArgGoto(nparams, error);

@@ -4671,10 +4592,7 @@ char *virConnectDomainXMLFromNative(virConnectPtr conn,
         virDispatchError(NULL);
         return NULL;
     }
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     virCheckNonNullArgGoto(nativeFormat, error);
     virCheckNonNullArgGoto(nativeConfig, error);
@@ -4727,10 +4645,7 @@ char *virConnectDomainXMLToNative(virConnectPtr conn,
         virDispatchError(NULL);
         return NULL;
     }
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     virCheckNonNullArgGoto(nativeFormat, error);
     virCheckNonNullArgGoto(domainXml, error);
@@ -5582,21 +5497,14 @@ virDomainMigrate(virDomainPtr domain,
         virDispatchError(NULL);
         return NULL;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     /* Now checkout the destination */
     if (!VIR_IS_CONNECT(dconn)) {
         virLibConnError(VIR_ERR_INVALID_CONN, __FUNCTION__);
         goto error;
     }
-    if (dconn->flags & VIR_CONNECT_RO) {
-        /* NB, deliberately report error against source object, not dest */
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dconn->flags, error);

     if (flags & VIR_MIGRATE_NON_SHARED_DISK &&
         flags & VIR_MIGRATE_NON_SHARED_INC) {
@@ -5822,21 +5730,14 @@ virDomainMigrate2(virDomainPtr domain,
         virDispatchError(NULL);
         return NULL;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     /* Now checkout the destination */
     if (!VIR_IS_CONNECT(dconn)) {
         virLibConnError(VIR_ERR_INVALID_CONN, __FUNCTION__);
         goto error;
     }
-    if (dconn->flags & VIR_CONNECT_RO) {
-        /* NB, deliberately report error against source object, not dest */
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dconn->flags, error);

     if (flags & VIR_MIGRATE_NON_SHARED_DISK &&
         flags & VIR_MIGRATE_NON_SHARED_INC) {
@@ -6013,21 +5914,14 @@ virDomainMigrate3(virDomainPtr domain,
         virDispatchError(NULL);
         return NULL;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     /* Now checkout the destination */
     if (!VIR_IS_CONNECT(dconn)) {
         virLibConnError(VIR_ERR_INVALID_CONN, __FUNCTION__);
         goto error;
     }
-    if (dconn->flags & VIR_CONNECT_RO) {
-        /* NB, deliberately report error against source object, not dest */
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dconn->flags, error);

     if (flags & VIR_MIGRATE_NON_SHARED_DISK &&
         flags & VIR_MIGRATE_NON_SHARED_INC) {
@@ -6246,10 +6140,7 @@ virDomainMigrateToURI(virDomainPtr domain,
         virDispatchError(NULL);
         return -1;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     virCheckNonNullArgGoto(duri, error);

@@ -6412,10 +6303,7 @@ virDomainMigrateToURI2(virDomainPtr domain,
         virDispatchError(NULL);
         return -1;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     if (flags & VIR_MIGRATE_NON_SHARED_DISK &&
         flags & VIR_MIGRATE_NON_SHARED_INC) {
@@ -6528,10 +6416,7 @@ virDomainMigrateToURI3(virDomainPtr domain,
         virDispatchError(NULL);
         return -1;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     if (flags & VIR_MIGRATE_NON_SHARED_DISK &&
         flags & VIR_MIGRATE_NON_SHARED_INC) {
@@ -6640,10 +6525,7 @@ virDomainMigratePrepare(virConnectPtr dconn,
         return -1;
     }

-    if (dconn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dconn->flags, error);

     if (dconn->driver->domainMigratePrepare) {
         int ret;
@@ -6691,10 +6573,7 @@ virDomainMigratePerform(virDomainPtr domain,
     }
     conn = domain->conn;

-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     if (conn->driver->domainMigratePerform) {
         int ret;
@@ -6738,10 +6617,7 @@ virDomainMigrateFinish(virConnectPtr dconn,
         return NULL;
     }

-    if (dconn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dconn->flags, error);

     if (dconn->driver->domainMigrateFinish) {
         virDomainPtr ret;
@@ -6789,10 +6665,7 @@ virDomainMigratePrepare2(virConnectPtr dconn,
         return -1;
     }

-    if (dconn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dconn->flags, error);

     if (dconn->driver->domainMigratePrepare2) {
         int ret;
@@ -6838,10 +6711,7 @@ virDomainMigrateFinish2(virConnectPtr dconn,
         return NULL;
     }

-    if (dconn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dconn->flags, error);

     if (dconn->driver->domainMigrateFinish2) {
         virDomainPtr ret;
@@ -6886,10 +6756,7 @@ virDomainMigratePrepareTunnel(virConnectPtr conn,
         return -1;
     }

-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn != st->conn) {
         virReportInvalidArg(conn,
@@ -6944,10 +6811,7 @@ virDomainMigrateBegin3(virDomainPtr domain,
     }
     conn = domain->conn;

-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     if (conn->driver->domainMigrateBegin3) {
         char *xml;
@@ -6999,10 +6863,7 @@ virDomainMigratePrepare3(virConnectPtr dconn,
         return -1;
     }

-    if (dconn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dconn->flags, error);

     if (dconn->driver->domainMigratePrepare3) {
         int ret;
@@ -7055,10 +6916,7 @@ virDomainMigratePrepareTunnel3(virConnectPtr conn,
         return -1;
     }

-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn != st->conn) {
         virReportInvalidArg(conn,
@@ -7121,10 +6979,7 @@ virDomainMigratePerform3(virDomainPtr domain,
     }
     conn = domain->conn;

-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     if (conn->driver->domainMigratePerform3) {
         int ret;
@@ -7175,10 +7030,7 @@ virDomainMigrateFinish3(virConnectPtr dconn,
         return NULL;
     }

-    if (dconn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dconn->flags, error);

     if (dconn->driver->domainMigrateFinish3) {
         virDomainPtr ret;
@@ -7226,10 +7078,7 @@ virDomainMigrateConfirm3(virDomainPtr domain,
     }
     conn = domain->conn;

-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     if (conn->driver->domainMigrateConfirm3) {
         int ret;
@@ -7277,10 +7126,7 @@ virDomainMigrateBegin3Params(virDomainPtr domain,
     }
     conn = domain->conn;

-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     if (conn->driver->domainMigrateBegin3Params) {
         char *xml;
@@ -7330,10 +7176,7 @@ virDomainMigratePrepare3Params(virConnectPtr dconn,
         return -1;
     }

-    if (dconn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dconn->flags, error);

     if (dconn->driver->domainMigratePrepare3Params) {
         int ret;
@@ -7383,10 +7226,7 @@ virDomainMigratePrepareTunnel3Params(virConnectPtr conn,
         return -1;
     }

-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn != st->conn) {
         virReportInvalidArg(conn,
@@ -7445,10 +7285,7 @@ virDomainMigratePerform3Params(virDomainPtr domain,
     }
     conn = domain->conn;

-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     if (conn->driver->domainMigratePerform3Params) {
         int ret;
@@ -7497,10 +7334,7 @@ virDomainMigrateFinish3Params(virConnectPtr dconn,
         return NULL;
     }

-    if (dconn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dconn->flags, error);

     if (dconn->driver->domainMigrateFinish3Params) {
         virDomainPtr ret;
@@ -7549,10 +7383,7 @@ virDomainMigrateConfirm3Params(virDomainPtr domain,
     }
     conn = domain->conn;

-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     if (conn->driver->domainMigrateConfirm3Params) {
         int ret;
@@ -7914,10 +7745,7 @@ virNodeSuspendForDuration(virConnectPtr conn,
         return -1;
     }

-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->nodeSuspendForDuration) {
         int ret;
@@ -8040,10 +7868,7 @@ virNodeSetMemoryParameters(virConnectPtr conn,
         return -1;
     }

-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     virCheckNonNullArgGoto(params, error);
     virCheckNonNegativeArgGoto(nparams, error);
@@ -8284,10 +8109,7 @@ virDomainSetSchedulerParameters(virDomainPtr domain,
         return -1;
     }

-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);
     virCheckNonNullArgGoto(params, error);
     virCheckNonNegativeArgGoto(nparams, error);

@@ -8349,10 +8171,7 @@ virDomainSetSchedulerParametersFlags(virDomainPtr domain,
         return -1;
     }

-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);
     virCheckNonNullArgGoto(params, error);
     virCheckNonNegativeArgGoto(nparams, error);

@@ -8634,10 +8453,7 @@ virDomainSetInterfaceParameters(virDomainPtr domain,
         virDispatchError(NULL);
         return -1;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);
     virCheckNonNullArgGoto(params, error);
     virCheckPositiveArgGoto(nparams, error);

@@ -8875,10 +8691,7 @@ virDomainBlockPeek(virDomainPtr dom,
     }
     conn = dom->conn;

-    if (dom->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dom->conn->flags, error);

     virCheckNonNullArgGoto(disk, error);

@@ -8949,10 +8762,7 @@ virDomainBlockResize(virDomainPtr dom,
     }
     conn = dom->conn;

-    if (dom->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dom->conn->flags, error);

     virCheckNonNullArgGoto(disk, error);

@@ -9027,10 +8837,7 @@ virDomainMemoryPeek(virDomainPtr dom,
     }
     conn = dom->conn;

-    if (dom->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dom->conn->flags, error);

     /* Note on access to physical memory: A VIR_MEMORY_PHYSICAL flag is
      * a possibility.  However it isn't really useful unless the caller
@@ -9175,10 +8982,7 @@ virDomainDefineXML(virConnectPtr conn, const char *xml)
         virDispatchError(NULL);
         return NULL;
     }
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);
     virCheckNonNullArgGoto(xml, error);

     if (conn->driver->domainDefineXML) {
@@ -9227,10 +9031,7 @@ virDomainUndefine(virDomainPtr domain)
         return -1;
     }
     conn = domain->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->domainUndefine) {
         int ret;
@@ -9288,10 +9089,7 @@ virDomainUndefineFlags(virDomainPtr domain,
         return -1;
     }
     conn = domain->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->domainUndefineFlags) {
         int ret;
@@ -9529,10 +9327,7 @@ virDomainCreate(virDomainPtr domain)
         return -1;
     }
     conn = domain->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->domainCreate) {
         int ret;
@@ -9598,10 +9393,7 @@ virDomainCreateWithFlags(virDomainPtr domain, unsigned int flags)
         return -1;
     }
     conn = domain->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->domainCreateWithFlags) {
         int ret;
@@ -9678,10 +9470,7 @@ virDomainCreateWithFiles(virDomainPtr domain, unsigned int nfiles,
         return -1;
     }
     conn = domain->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->domainCreateWithFiles) {
         int ret;
@@ -9775,10 +9564,7 @@ virDomainSetAutostart(virDomainPtr domain,

     conn = domain->conn;

-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     if (conn->driver->domainSetAutostart) {
         int ret;
@@ -9818,10 +9604,7 @@ virDomainInjectNMI(virDomainPtr domain, unsigned int flags)
         virDispatchError(NULL);
         return -1;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     conn = domain->conn;

@@ -9883,10 +9666,7 @@ virDomainSendKey(virDomainPtr domain,
         virDispatchError(NULL);
         return -1;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     conn = domain->conn;

@@ -9960,10 +9740,7 @@ virDomainSendProcessSignal(virDomainPtr domain,

     virCheckNonZeroArgGoto(pid_value, error);

-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     conn = domain->conn;

@@ -10017,10 +9794,7 @@ virDomainSetVcpus(virDomainPtr domain, unsigned int nvcpus)
         virDispatchError(NULL);
         return -1;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     virCheckNonZeroArgGoto(nvcpus, error);

@@ -10093,10 +9867,7 @@ virDomainSetVcpusFlags(virDomainPtr domain, unsigned int nvcpus,
         virDispatchError(NULL);
         return -1;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     if (flags & VIR_DOMAIN_VCPU_GUEST &&
         flags & VIR_DOMAIN_VCPU_MAXIMUM) {
@@ -10238,10 +10009,7 @@ virDomainPinVcpu(virDomainPtr domain, unsigned int vcpu,
         virDispatchError(NULL);
         return -1;
     }
-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     virCheckNonNullArgGoto(cpumap, error);
     virCheckPositiveArgGoto(maplen, error);
@@ -10319,10 +10087,7 @@ virDomainPinVcpuFlags(virDomainPtr domain, unsigned int vcpu,
         return -1;
     }

-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     virCheckNonNullArgGoto(cpumap, error);
     virCheckPositiveArgGoto(maplen, error);
@@ -10477,10 +10242,7 @@ virDomainPinEmulator(virDomainPtr domain, unsigned char *cpumap,
         return -1;
     }

-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);

     virCheckNonNullArgGoto(cpumap, error);
     virCheckPositiveArgGoto(maplen, error);
@@ -10838,10 +10600,7 @@ virDomainSetMetadata(virDomainPtr domain,

     conn = domain->conn;

-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     switch (type) {
     case VIR_DOMAIN_METADATA_TITLE:
@@ -11035,10 +10794,7 @@ virDomainAttachDevice(virDomainPtr domain, const char *xml)

     virCheckNonNullArgGoto(xml, error);

-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);
     conn = domain->conn;

     if (conn->driver->domainAttachDevice) {
@@ -11099,10 +10855,7 @@ virDomainAttachDeviceFlags(virDomainPtr domain,

     virCheckNonNullArgGoto(xml, error);

-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);
     conn = domain->conn;

     if (conn->driver->domainAttachDeviceFlags) {
@@ -11148,10 +10901,7 @@ virDomainDetachDevice(virDomainPtr domain, const char *xml)

     virCheckNonNullArgGoto(xml, error);

-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);
     conn = domain->conn;

     if (conn->driver->domainDetachDevice) {
@@ -11228,10 +10978,7 @@ virDomainDetachDeviceFlags(virDomainPtr domain,

     virCheckNonNullArgGoto(xml, error);

-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);
     conn = domain->conn;

     if (conn->driver->domainDetachDeviceFlags) {
@@ -11292,10 +11039,7 @@ virDomainUpdateDeviceFlags(virDomainPtr domain,

     virCheckNonNullArgGoto(xml, error);

-    if (domain->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(domain->conn->flags, error);
     conn = domain->conn;

     if (conn->driver->domainUpdateDeviceFlags) {
@@ -11783,10 +11527,7 @@ virNetworkCreateXML(virConnectPtr conn, const char *xmlDesc)
     }
     virCheckNonNullArgGoto(xmlDesc, error);

-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->networkDriver && conn->networkDriver->networkCreateXML) {
         virNetworkPtr ret;
@@ -11825,10 +11566,7 @@ virNetworkDefineXML(virConnectPtr conn, const char *xml)
         virDispatchError(NULL);
         return NULL;
     }
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);
     virCheckNonNullArgGoto(xml, error);

     if (conn->networkDriver && conn->networkDriver->networkDefineXML) {
@@ -11869,10 +11607,7 @@ virNetworkUndefine(virNetworkPtr network)
         return -1;
     }
     conn = network->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibNetworkError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->networkDriver && conn->networkDriver->networkUndefine) {
         int ret;
@@ -11929,10 +11664,7 @@ virNetworkUpdate(virNetworkPtr network,
         return -1;
     }
     conn = network->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibNetworkError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     virCheckNonNullArgGoto(xml, error);

@@ -11976,10 +11708,7 @@ virNetworkCreate(virNetworkPtr network)
         return -1;
     }
     conn = network->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibNetworkError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->networkDriver && conn->networkDriver->networkCreate) {
         int ret;
@@ -12023,10 +11752,7 @@ virNetworkDestroy(virNetworkPtr network)
     }

     conn = network->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibNetworkError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->networkDriver && conn->networkDriver->networkDestroy) {
         int ret;
@@ -12356,10 +12082,7 @@ virNetworkSetAutostart(virNetworkPtr network,
         return -1;
     }

-    if (network->conn->flags & VIR_CONNECT_RO) {
-        virLibNetworkError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(network->conn->flags, error);

     conn = network->conn;

@@ -12859,10 +12582,7 @@ virInterfaceDefineXML(virConnectPtr conn, const char *xml, unsigned int flags)
         virDispatchError(NULL);
         return NULL;
     }
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);
     virCheckNonNullArgGoto(xml, error);

     if (conn->interfaceDriver && conn->interfaceDriver->interfaceDefineXML) {
@@ -12914,10 +12634,7 @@ virInterfaceUndefine(virInterfacePtr iface)
         return -1;
     }
     conn = iface->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibInterfaceError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->interfaceDriver && conn->interfaceDriver->interfaceUndefine) {
         int ret;
@@ -12963,10 +12680,7 @@ virInterfaceCreate(virInterfacePtr iface, unsigned int flags)
         return -1;
     }
     conn = iface->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibInterfaceError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->interfaceDriver && conn->interfaceDriver->interfaceCreate) {
         int ret;
@@ -13017,10 +12731,7 @@ virInterfaceDestroy(virInterfacePtr iface, unsigned int flags)
     }

     conn = iface->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibInterfaceError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->interfaceDriver && conn->interfaceDriver->interfaceDestroy) {
         int ret;
@@ -13128,10 +12839,7 @@ virInterfaceChangeBegin(virConnectPtr conn, unsigned int flags)
         return -1;
     }

-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibInterfaceError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->interfaceDriver && conn->interfaceDriver->interfaceChangeBegin) {
         int ret;
@@ -13176,10 +12884,7 @@ virInterfaceChangeCommit(virConnectPtr conn, unsigned int flags)
         return -1;
     }

-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibInterfaceError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->interfaceDriver && conn->interfaceDriver->interfaceChangeCommit) {
         int ret;
@@ -13224,10 +12929,7 @@ virInterfaceChangeRollback(virConnectPtr conn, unsigned int flags)
         return -1;
     }

-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibInterfaceError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->interfaceDriver &&
         conn->interfaceDriver->interfaceChangeRollback) {
@@ -13578,10 +13280,7 @@ virConnectFindStoragePoolSources(virConnectPtr conn,
     }
     virCheckNonNullArgGoto(type, error);

-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->storageDriver && conn->storageDriver->connectFindStoragePoolSources) {
         char *ret;
@@ -13784,10 +13483,7 @@ virStoragePoolCreateXML(virConnectPtr conn,
     }
     virCheckNonNullArgGoto(xmlDesc, error);

-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->storageDriver && conn->storageDriver->storagePoolCreateXML) {
         virStoragePoolPtr ret;
@@ -13830,10 +13526,7 @@ virStoragePoolDefineXML(virConnectPtr conn,
         virDispatchError(NULL);
         return NULL;
     }
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);
     virCheckNonNullArgGoto(xml, error);

     if (conn->storageDriver && conn->storageDriver->storagePoolDefineXML) {
@@ -13879,10 +13572,7 @@ virStoragePoolBuild(virStoragePoolPtr pool,
         return -1;
     }
     conn = pool->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibStoragePoolError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->storageDriver && conn->storageDriver->storagePoolBuild) {
         int ret;
@@ -13922,10 +13612,7 @@ virStoragePoolUndefine(virStoragePoolPtr pool)
         return -1;
     }
     conn = pool->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibStoragePoolError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->storageDriver && conn->storageDriver->storagePoolUndefine) {
         int ret;
@@ -13967,10 +13654,7 @@ virStoragePoolCreate(virStoragePoolPtr pool,
         return -1;
     }
     conn = pool->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibStoragePoolError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->storageDriver && conn->storageDriver->storagePoolCreate) {
         int ret;
@@ -14015,10 +13699,7 @@ virStoragePoolDestroy(virStoragePoolPtr pool)
     }

     conn = pool->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibStoragePoolError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->storageDriver && conn->storageDriver->storagePoolDestroy) {
         int ret;
@@ -14063,10 +13744,7 @@ virStoragePoolDelete(virStoragePoolPtr pool,
     }

     conn = pool->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibStoragePoolError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->storageDriver && conn->storageDriver->storagePoolDelete) {
         int ret;
@@ -14172,10 +13850,7 @@ virStoragePoolRefresh(virStoragePoolPtr pool,
     }

     conn = pool->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibStoragePoolError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->storageDriver && conn->storageDriver->storagePoolRefresh) {
         int ret;
@@ -14442,10 +14117,7 @@ virStoragePoolSetAutostart(virStoragePoolPtr pool,
         return -1;
     }

-    if (pool->conn->flags & VIR_CONNECT_RO) {
-        virLibStoragePoolError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(pool->conn->flags, error);

     conn = pool->conn;

@@ -14839,10 +14511,7 @@ virStorageVolCreateXML(virStoragePoolPtr pool,

     virCheckNonNullArgGoto(xmlDesc, error);

-    if (pool->conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(pool->conn->flags, error);

     if (pool->conn->storageDriver && pool->conn->storageDriver->storageVolCreateXML) {
         virStorageVolPtr ret;
@@ -14902,12 +14571,7 @@ virStorageVolCreateXMLFrom(virStoragePoolPtr pool,
     }

     virCheckNonNullArgGoto(xmlDesc, error);
-
-    if (pool->conn->flags & VIR_CONNECT_RO ||
-        clonevol->conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(pool->conn->flags | clonevol->conn->flags, error);

     if (pool->conn->storageDriver &&
         pool->conn->storageDriver->storageVolCreateXMLFrom) {
@@ -14969,11 +14633,7 @@ virStorageVolDownload(virStorageVolPtr vol,
         return -1;
     }

-    if (vol->conn->flags & VIR_CONNECT_RO ||
-        stream->conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(vol->conn->flags | stream->conn->flags, error);

     if (vol->conn->storageDriver &&
         vol->conn->storageDriver->storageVolDownload) {
@@ -15040,11 +14700,7 @@ virStorageVolUpload(virStorageVolPtr vol,
         return -1;
     }

-    if (vol->conn->flags & VIR_CONNECT_RO ||
-        stream->conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(vol->conn->flags | stream->conn->flags, error);

     if (vol->conn->storageDriver &&
         vol->conn->storageDriver->storageVolUpload) {
@@ -15092,10 +14748,7 @@ virStorageVolDelete(virStorageVolPtr vol,
     }

     conn = vol->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibStorageVolError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->storageDriver && conn->storageDriver->storageVolDelete) {
         int ret;
@@ -15138,10 +14791,7 @@ virStorageVolWipe(virStorageVolPtr vol,
     }

     conn = vol->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibStorageVolError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->storageDriver && conn->storageDriver->storageVolWipe) {
         int ret;
@@ -15188,10 +14838,7 @@ virStorageVolWipePattern(virStorageVolPtr vol,
     }

     conn = vol->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibStorageVolError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->storageDriver && conn->storageDriver->storageVolWipePattern) {
         int ret;
@@ -15456,10 +15103,7 @@ virStorageVolResize(virStorageVolPtr vol,

     conn = vol->conn;

-    if (conn->flags & VIR_CONNECT_RO) {
-       virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-       goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     /* Zero capacity is only valid with either delta or shrink.  */
     if (capacity == 0 && !((flags & VIR_STORAGE_VOL_RESIZE_DELTA) ||
@@ -16017,10 +15661,7 @@ virNodeDeviceDettach(virNodeDevicePtr dev)
         return -1;
     }

-    if (dev->conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dev->conn->flags, error);

     if (dev->conn->driver->nodeDeviceDettach) {
         int ret;
@@ -16082,10 +15723,7 @@ virNodeDeviceDetachFlags(virNodeDevicePtr dev,
         return -1;
     }

-    if (dev->conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dev->conn->flags, error);

     if (dev->conn->driver->nodeDeviceDetachFlags) {
         int ret;
@@ -16131,10 +15769,7 @@ virNodeDeviceReAttach(virNodeDevicePtr dev)
         return -1;
     }

-    if (dev->conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dev->conn->flags, error);

     if (dev->conn->driver->nodeDeviceReAttach) {
         int ret;
@@ -16182,10 +15817,7 @@ virNodeDeviceReset(virNodeDevicePtr dev)
         return -1;
     }

-    if (dev->conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dev->conn->flags, error);

     if (dev->conn->driver->nodeDeviceReset) {
         int ret;
@@ -16229,10 +15861,7 @@ virNodeDeviceCreateXML(virConnectPtr conn,
         return NULL;
     }

-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     virCheckNonNullArgGoto(xmlDesc, error);

@@ -16275,10 +15904,7 @@ virNodeDeviceDestroy(virNodeDevicePtr dev)
         return -1;
     }

-    if (dev->conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dev->conn->flags, error);

     if (dev->conn->nodeDeviceDriver &&
         dev->conn->nodeDeviceDriver->nodeDeviceDestroy) {
@@ -16733,10 +16359,7 @@ virSecretDefineXML(virConnectPtr conn, const char *xml, unsigned int flags)
         virDispatchError(NULL);
         return NULL;
     }
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);
     virCheckNonNullArgGoto(xml, error);

     if (conn->secretDriver != NULL && conn->secretDriver->secretDefineXML != NULL) {
@@ -16955,10 +16578,7 @@ virSecretSetValue(virSecretPtr secret, const unsigned char *value,
         return -1;
     }
     conn = secret->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibSecretError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);
     virCheckNonNullArgGoto(value, error);

     if (conn->secretDriver != NULL && conn->secretDriver->secretSetValue != NULL) {
@@ -17004,10 +16624,7 @@ virSecretGetValue(virSecretPtr secret, size_t *value_size, unsigned int flags)
         return NULL;
     }
     conn = secret->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibSecretError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);
     virCheckNonNullArgGoto(value_size, error);

     if (conn->secretDriver != NULL && conn->secretDriver->secretGetValue != NULL) {
@@ -17051,10 +16668,7 @@ virSecretUndefine(virSecretPtr secret)
         return -1;
     }
     conn = secret->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibSecretError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->secretDriver != NULL && conn->secretDriver->secretUndefine != NULL) {
         int ret;
@@ -18499,10 +18113,7 @@ virNWFilterDefineXML(virConnectPtr conn, const char *xmlDesc)
     }
     virCheckNonNullArgGoto(xmlDesc, error);

-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->nwfilterDriver && conn->nwfilterDriver->nwfilterDefineXML) {
         virNWFilterPtr ret;
@@ -18545,10 +18156,7 @@ virNWFilterUndefine(virNWFilterPtr nwfilter)
     }

     conn = nwfilter->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibNWFilterError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->nwfilterDriver && conn->nwfilterDriver->nwfilterUndefine) {
         int ret;
@@ -19040,10 +18648,7 @@ virDomainAbortJob(virDomainPtr domain)
     }

     conn = domain->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->domainAbortJob) {
         int ret;
@@ -19091,10 +18696,7 @@ virDomainMigrateSetMaxDowntime(virDomainPtr domain,
     }

     conn = domain->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->domainMigrateSetMaxDowntime) {
         if (conn->driver->domainMigrateSetMaxDowntime(domain, downtime, flags) < 0)
@@ -19187,10 +18789,7 @@ virDomainMigrateSetCompressionCache(virDomainPtr domain,
     }

     conn = domain->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->domainMigrateSetCompressionCache) {
         if (conn->driver->domainMigrateSetCompressionCache(domain, cacheSize,
@@ -19236,10 +18835,7 @@ virDomainMigrateSetMaxSpeed(virDomainPtr domain,
     }

     conn = domain->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->domainMigrateSetMaxSpeed) {
         if (conn->driver->domainMigrateSetMaxSpeed(domain, bandwidth, flags) < 0)
@@ -19286,10 +18882,7 @@ virDomainMigrateGetMaxSpeed(virDomainPtr domain,

     virCheckNonNullArgGoto(bandwidth, error);

-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->domainMigrateGetMaxSpeed) {
         if (conn->driver->domainMigrateGetMaxSpeed(domain, bandwidth, flags) < 0)
@@ -19597,10 +19190,7 @@ virDomainManagedSave(virDomainPtr dom, unsigned int flags)
     }

     conn = dom->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if ((flags & VIR_DOMAIN_SAVE_RUNNING) && (flags & VIR_DOMAIN_SAVE_PAUSED)) {
         virReportInvalidArg(flags,
@@ -19697,10 +19287,7 @@ virDomainManagedSaveRemove(virDomainPtr dom, unsigned int flags)
     }

     conn = dom->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->domainManagedSaveRemove) {
         int ret;
@@ -19923,10 +19510,7 @@ virDomainSnapshotCreateXML(virDomainPtr domain,

     virCheckNonNullArgGoto(xmlDesc, error);

-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if ((flags & VIR_DOMAIN_SNAPSHOT_CREATE_CURRENT) &&
         !(flags & VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE)) {
@@ -20854,10 +20438,7 @@ virDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
     }

     conn = snapshot->domain->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if ((flags & VIR_DOMAIN_SNAPSHOT_REVERT_RUNNING) &&
         (flags & VIR_DOMAIN_SNAPSHOT_REVERT_PAUSED)) {
@@ -20923,10 +20504,7 @@ virDomainSnapshotDelete(virDomainSnapshotPtr snapshot,
     }

     conn = snapshot->domain->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if ((flags & VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN) &&
         (flags & VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN_ONLY)) {
@@ -21064,10 +20642,7 @@ virDomainOpenConsole(virDomainPtr dom,
     }

     conn = dom->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->domainOpenConsole) {
         int ret;
@@ -21127,10 +20702,7 @@ virDomainOpenChannel(virDomainPtr dom,
     }

     conn = dom->conn;
-    if (conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);

     if (conn->driver->domainOpenChannel) {
         int ret;
@@ -21205,10 +20777,7 @@ virDomainBlockJobAbort(virDomainPtr dom, const char *disk,
     }
     conn = dom->conn;

-    if (dom->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dom->conn->flags, error);

     virCheckNonNullArgGoto(disk, error);

@@ -21322,10 +20891,7 @@ virDomainBlockJobSetSpeed(virDomainPtr dom, const char *disk,
     }
     conn = dom->conn;

-    if (dom->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dom->conn->flags, error);

     virCheckNonNullArgGoto(disk, error);

@@ -21396,10 +20962,7 @@ virDomainBlockPull(virDomainPtr dom, const char *disk,
     }
     conn = dom->conn;

-    if (dom->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dom->conn->flags, error);

     virCheckNonNullArgGoto(disk, error);

@@ -21516,10 +21079,7 @@ virDomainBlockRebase(virDomainPtr dom, const char *disk,
     }
     conn = dom->conn;

-    if (dom->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dom->conn->flags, error);

     virCheckNonNullArgGoto(disk, error);

@@ -21635,10 +21195,7 @@ virDomainBlockCommit(virDomainPtr dom, const char *disk,
     }
     conn = dom->conn;

-    if (dom->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dom->conn->flags, error);

     virCheckNonNullArgGoto(disk, error);

@@ -21716,10 +21273,7 @@ virDomainOpenGraphics(virDomainPtr dom,
         goto error;
     }

-    if (dom->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dom->conn->flags, error);

     if (!VIR_DRV_SUPPORTS_FEATURE(dom->conn->driver, dom->conn,
                                   VIR_DRV_FEATURE_FD_PASSING)) {
@@ -22007,10 +21561,7 @@ virDomainSetBlockIoTune(virDomainPtr dom,
         return -1;
     }

-    if (dom->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dom->conn->flags, error);

     virCheckNonNullArgGoto(disk, error);
     virCheckPositiveArgGoto(nparams, error);
@@ -22474,10 +22025,7 @@ virDomainFSTrim(virDomainPtr dom,
         return -1;
     }

-    if (dom->conn->flags & VIR_CONNECT_RO) {
-        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-        goto error;
-    }
+    virCheckReadOnlyGoto(dom->conn->flags, error);

     if (dom->conn->driver->domainFSTrim) {
         int ret = dom->conn->driver->domainFSTrim(dom, mountPoint,
diff --git a/src/locking/lock_daemon.c b/src/locking/lock_daemon.c
index a6be43c..b4ed14b 100644
--- a/src/locking/lock_daemon.c
+++ b/src/locking/lock_daemon.c
@@ -1,7 +1,7 @@
 /*
  * lock_daemon.c: lock management daemon
  *
- * Copyright (C) 2006-2012 Red Hat, Inc.
+ * Copyright (C) 2006-2013 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -800,18 +800,16 @@ virLockDaemonClientNew(virNetServerClientPtr client,

     if (!privileged) {
         if (geteuid() != clientuid) {
-            virReportError(VIR_ERR_OPERATION_DENIED,
-                           _("Disallowing client %llu with uid %llu"),
-                           (unsigned long long)priv->clientPid,
-                           (unsigned long long)clientuid);
+            virReportRestrictedError(_("Disallowing client %llu with uid %llu"),
+                                     (unsigned long long)priv->clientPid,
+                                     (unsigned long long)clientuid);
             goto error;
         }
     } else {
         if (clientuid != 0) {
-            virReportError(VIR_ERR_OPERATION_DENIED,
-                           _("Disallowing client %llu with uid %llu"),
-                           (unsigned long long)priv->clientPid,
-                           (unsigned long long)clientuid);
+            virReportRestrictedError(_("Disallowing client %llu with uid %llu"),
+                                     (unsigned long long)priv->clientPid,
+                                     (unsigned long long)clientuid);
             goto error;
         }
     }
diff --git a/src/util/virerror.c b/src/util/virerror.c
index d9a9fc4..877c15e 100644
--- a/src/util/virerror.c
+++ b/src/util/virerror.c
@@ -888,7 +888,7 @@ virErrorMsg(virErrorNumber error, const char *info)
             if (info == NULL)
                 errmsg = _("operation forbidden for read only access");
             else
-                errmsg = _("operation %s forbidden for read only access");
+                errmsg = _("operation forbidden: %s");
             break;
         case VIR_ERR_OPEN_FAILED:
             if (info == NULL)
diff --git a/src/util/virerror.h b/src/util/virerror.h
index ec7ef95..65c134c 100644
--- a/src/util/virerror.h
+++ b/src/util/virerror.h
@@ -159,6 +159,9 @@ void virReportSystemErrorFull(int domcode,
 # define virReportUnsupportedError()                                    \
     virReportErrorHelper(VIR_FROM_THIS, VIR_ERR_NO_SUPPORT,             \
                          __FILE__, __FUNCTION__, __LINE__, __FUNCTION__)
+# define virReportRestrictedError(...)                                  \
+    virReportErrorHelper(VIR_FROM_THIS, VIR_ERR_OPERATION_DENIED,       \
+                         __FILE__, __FUNCTION__, __LINE__, __VA_ARGS__)


 void virReportOOMErrorFull(int domcode,
-- 
1.8.4.2

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]