Bug 1436042

Summary: "virsh connect --readonly" enters readwrite mode when no name is given.
Product: Red Hat Enterprise Linux 7 Reporter: Fangge Jin <fjin>
Component: libvirtAssignee: Martin Kletzander <mkletzan>
Status: CLOSED ERRATA QA Contact: Lili Zhu <lizhu>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.4CC: dyuan, lizhu, mkletzan, rbalakri, xuzhang, yafu, zpeng
Target Milestone: rcKeywords: Upstream
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: libvirt-3.7.0-1.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-10 10:42:33 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Fangge Jin 2017-03-27 01:12:31 UTC 
Description of problem:
"virsh connect --readonly" enters readwrite mode when no name is given.

Version-Release number of selected component:
libvirt-3.1.0-2.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. connect to default URI
# virsh "connect --readonly; start vm1"

Domain vm1 started

2. connect to specified URI
# virsh "connect qemu:///system --readonly; destroy vm1"

error: Failed to destroy domain vm1
error: operation forbidden: read only access prevents virDomainDestroy


Actual results:
"virsh connect --readonly" enters readwrite mode when no name is given.

Expected results:
In step1
# virsh "connect --readonly; start vm1"

error: Failed to start domain vm1
error: operation forbidden: read only access prevents virDomainCreate
Comment 2 Peter Krempa 2017-03-27 14:49:39 UTC 
virshReconnect uses the default readonly state in case when the URI is NULL
Comment 3 Martin Kletzander 2017-08-18 14:40:51 UTC 
Patch proposed upstream:

https://www.redhat.com/archives/libvir-list/2017-August/msg00529.html

I find these commands pretty nice for testing:

  virsh "connect --readonly; start test; connect; start test"
  virsh -r "connect; destroy test; connect qemu:///system; destroy test; connect --readonly; destroy test"

The output should report:

error: Failed to start domain test
error: operation forbidden: read only access prevents virDomainCreate


Domain test started


error: Failed to destroy domain test
error: operation forbidden: read only access prevents virDomainDestroy


Domain test destroyed


error: Failed to destroy domain test
error: operation forbidden: read only access prevents virDomainDestroy
Comment 4 Martin Kletzander 2017-08-29 09:24:14 UTC 
Fixed upstream with v3.6.0-228-g622ea8b6cfe8:
commit 622ea8b6cfe8d2d171064549b9f9c842b1fc38a8
Author: Martin Kletzander <mkletzan>
Date:   Fri Aug 18 16:35:23 2017 +0200

    virsh: Honour --readonly with cmdConnect and no name
Comment 6 Lili Zhu 2017-10-29 08:16:02 UTC 
Verify the bug with libvirt-3.8.0-1.el7.x86_64

Testing steps are as those in comment 3:
https://bugzilla.redhat.com/show_bug.cgi?id=1436042#c3

As the testing results match with the expected results, mark the bug as verified.
Comment 7 Lili Zhu 2017-10-29 08:23:12 UTC 
# virsh 
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh # connect --readonly

virsh # destroy rhel7.5
error: Failed to destroy domain rhel7.5
error: operation forbidden: read only access prevents virDomainDestroy

virsh # 

The prompt doesn't change after changing the connection to readonly
Comment 8 Martin Kletzander 2017-10-30 10:50:57 UTC 
(In reply to Lili Zhu from comment #7)
Oh, ok, please create another BZ for that, thanks.
Comment 12 errata-xmlrpc 2018-04-10 10:42:33 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:0704