Bug 1349272

Summary: libvirt should not allow read only connection call virDomainSetGuestVcpus
Product: [Community] Virtualization Tools Reporter: Luyao Huang <lhuang>
Component: libvirtAssignee: Peter Krempa <pkrempa>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: libvirt-maint, pkrempa, rbalakri
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-06-23 07:52:12 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Luyao Huang 2016-06-23 06:34:55 UTC 
Description of problem:

libvirt should not allow read only connection call virDomainSetGuestVcpus

Version-Release number of selected component (if applicable):
v1.3.5-388-g03ce132

How reproducible:

100%
Steps to Reproduce:
1.
# virsh guestvcpus rhel7.0-rhel
vcpus          : 0-5
online         : 0-5
offlinable     : 1-5

2.

# virsh -r guestvcpus rhel7.0-rhel --disable 5

# virsh guestvcpus rhel7.0-rhel
vcpus          : 0-5
online         : 0-4
offlinable     : 1-5


3.

Actual results:

virsh call virDomainSetGuestVcpus success with read only connection, however this function will enable/disable guest vcpu

Expected results:

forbid it

Additional info:
Comment 1 Peter Krempa 2016-06-23 07:52:12 UTC 
Fixed upstream:

commit dfeb19ff60cb92a9088cfa2e827cf5cb4720dd19
Author: Peter Krempa <pkrempa>
Date:   Thu Jun 23 09:02:29 2016 +0200

    Allow virDomain(SG)etGuestVcpus on read-write connection only
    
    Guest agent interaction is considered privileged.