Bug 1349272 - libvirt should not allow read only connection call virDomainSetGuestVcpus
Summary: libvirt should not allow read only connection call virDomainSetGuestVcpus
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Virtualization Tools
Classification: Community
Component: libvirt
Version: unspecified
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Peter Krempa
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-06-23 06:34 UTC by Luyao Huang
Modified: 2016-06-23 07:52 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2016-06-23 07:52:12 UTC
Embargoed:

Attachments (Terms of Use)

Description Luyao Huang 2016-06-23 06:34:55 UTC 
Description of problem:

libvirt should not allow read only connection call virDomainSetGuestVcpus

Version-Release number of selected component (if applicable):
v1.3.5-388-g03ce132

How reproducible:

100%
Steps to Reproduce:
1.
# virsh guestvcpus rhel7.0-rhel
vcpus          : 0-5
online         : 0-5
offlinable     : 1-5

2.

# virsh -r guestvcpus rhel7.0-rhel --disable 5

# virsh guestvcpus rhel7.0-rhel
vcpus          : 0-5
online         : 0-4
offlinable     : 1-5


3.

Actual results:

virsh call virDomainSetGuestVcpus success with read only connection, however this function will enable/disable guest vcpu

Expected results:

forbid it

Additional info:
Comment 1 Peter Krempa 2016-06-23 07:52:12 UTC 
Fixed upstream:

commit dfeb19ff60cb92a9088cfa2e827cf5cb4720dd19
Author: Peter Krempa <pkrempa>
Date:   Thu Jun 23 09:02:29 2016 +0200

    Allow virDomain(SG)etGuestVcpus on read-write connection only
    
    Guest agent interaction is considered privileged.
Note You need to log in before you can comment on or make changes to this bug.