I've run into a very annoying issue in virt-manager.
I primarily use libvirt to manage kvm sessions at qemu:///system. I do
this as my regular user on my system (I have write access to the
appropriate libvirtd socket). If I hand craft the XML describing my
virtual machine, I can connect to virtual networks, bridge onto the
existing LAN, etc. I can also set up new virtual networks and basically
anything else that root can do. However, virt-manager still treats me as
a lowly user with no particular privileges. This is because
virt-manager's code is full of (os.getuid() == 0) checks, which in my
case are completely wrong.
I see a few solutions to this:
a) Clean up all these calls and replace them with a
"can_do_fancy_stuff(con)" call and add the necessary logic to that new
b) Move the logic to libvirt and provide a
virConnectIsPrivileged(virConnectPtr *) function that does basically the
c) Take a more granular approach to b) and provide a way to query if
specific tasks can be done through the given connection.
a) Is quite easy. I could probably have that done in no more than a few
hours. b) is almost as easy to do, but I'm not sure if all the existing (or
future) vm types have such a simple model (either you can do only basic
stuff, or you can do everything). c) smells like the right way to do it,
takes slightly longer, but should be relatively future proof.
Ubuntu Server Team
et-mgmt-tools mailing list