(In reply to comment #0)
> In RHEV-M, when a user, using a SPICE client to connect to a guest, close the
> connection, the vdsm tells the guest agent to lock the machine. The RHEV-agent
> daemon tries to lock the machine by calling "/usr/bin/vlock -a" but the
> execution always fails.

What does it mean "execution fails"? (do you have any error message?)

> It is possible to lock the virtual terminals this way?

I think that "vlock -a"  makes sense on standard consoles (tty0 ... tty16) on machines where all consoles are accessible from the same physical place.

The "vlock -a" does not lock all consoles, it locks the *current console* and  controls switching between consoles (e.g. Alt-Fn keys). So after "vlock -a" you cannot use or leave the current console without a valid password. That's all.

(In reply to comment #2)

> What does it mean "execution fails"? (do you have any error message?)

I'm using Python's subprocess.call. The function returns 1 when I execute vlock.

> The "vlock -a" does not lock all consoles, it locks the *current console* and 

I'm okay with this behavior. The problem is that I'm executing vlock as a daemon which doesn't have a *current console* to lock.

vlock opens /dev/tty, this special device is associated with the current process terminal. 

Yes, it probably does not makes sense to call vlock -a from any daemon if the daemon is outside the current session (terminal).

I have no clue how to fix your problem. Try to ask at tech-list.

IMO the most appropriate way for locking the consoles on a guest is to reserve one of the consoles for the vlock and in case of timeout switch into this console and run vlock -a in it.

(In reply to comment #5)
> IMO the most appropriate way for locking the consoles on a guest is to reserve
> one of the consoles for the vlock and in case of timeout switch into this
> console and run vlock -a in it.

Thanks. I'll try it.