Hide Forgot
In RHEV-M, when a user, using a SPICE client to connect to a guest, close the connection, the vdsm tells the guest agent to lock the machine. The RHEV-agent daemon tries to lock the machine by calling "/usr/bin/vlock -a" but the execution always fails. It is possible to lock the virtual terminals this way?
(In reply to comment #0) > In RHEV-M, when a user, using a SPICE client to connect to a guest, close the > connection, the vdsm tells the guest agent to lock the machine. The RHEV-agent > daemon tries to lock the machine by calling "/usr/bin/vlock -a" but the > execution always fails. What does it mean "execution fails"? (do you have any error message?) > It is possible to lock the virtual terminals this way? I think that "vlock -a" makes sense on standard consoles (tty0 ... tty16) on machines where all consoles are accessible from the same physical place. The "vlock -a" does not lock all consoles, it locks the *current console* and controls switching between consoles (e.g. Alt-Fn keys). So after "vlock -a" you cannot use or leave the current console without a valid password. That's all.
(In reply to comment #2) > What does it mean "execution fails"? (do you have any error message?) I'm using Python's subprocess.call. The function returns 1 when I execute vlock. > The "vlock -a" does not lock all consoles, it locks the *current console* and I'm okay with this behavior. The problem is that I'm executing vlock as a daemon which doesn't have a *current console* to lock.
vlock opens /dev/tty, this special device is associated with the current process terminal. Yes, it probably does not makes sense to call vlock -a from any daemon if the daemon is outside the current session (terminal). I have no clue how to fix your problem. Try to ask at tech-list.
IMO the most appropriate way for locking the consoles on a guest is to reserve one of the consoles for the vlock and in case of timeout switch into this console and run vlock -a in it.
(In reply to comment #5) > IMO the most appropriate way for locking the consoles on a guest is to reserve > one of the consoles for the vlock and in case of timeout switch into this > console and run vlock -a in it. Thanks. I'll try it.