Description of problem:

virDomainOpenConsole:

    conn = dom->conn;
    if (conn->flags & VIR_CONNECT_RO) {
        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
        goto error;
    }

since it uses this, this should fail

    if (virDomainOpenConsole(dom, devname, con->st, 0) < 0)
        goto cleanup;

But on 6.0.z, we could connect to guest console successfully with readonly mode.

Version-Release number of selected component (if applicable):
libvirt-0.8.1-27.el6_0.5.x86_64
qemu-kvm-0.12.1.2-2.113.el6_0.8.x86_64
kernel-2.6.32-71.20.1.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
# virsh -r
Welcome to virsh, the virtualization interactive terminal.

Type: 'help' for help with commands
      'quit' to quit

virsh > console local
Connected to domain local
Escape character is ^]

Red Hat Enterprise Linux Server release 6.0 (Santiago)
Kernel 2.6.32-71.el6.x86_64 on an x86_64

localhost.localdomain login: se Linux Server release 6.0 (Santiago)
Kernel 2.6.32-71.el6.x86_64 on an x86_64

localhost

Actual results:
Was allowed to connect to guest console under readonly mode

Expected results:
Forbidden to connect to guest console under readonly mode

Additional info:
Tested with RHEL6.1, didn't meet this issue.

In RHEL-6.1, there is an explicit API for opening consoles, 'virDomainOpenConsole'. For this, the readonly flag takes effect and will reject an attempt to open a console over a readonly connection.

In RHEL-6.0.x, there is no API for opening consoles. virsh instead just opens the /dev/pts/XXX file directly. The read-only flag is irrelevant in this context; the file permissions on /dev/pts/XXX are the only check. I suspect you were using 'virsh' as root and so were able to access /dev/pts/XXXX. If you ran virsh as non-root, you would see a permission denial.

So this BZ should likely be NOTABUG.

Retested with
libvirt-0.8.1-27.el6_0.5.x86_64
qemu-kvm-0.12.1.2-2.113.el6_0.8.x86_64
kernel-2.6.32-71.20.1.el6.x86_64

Run virsh as non-root, could get following result -- no permission denial.

# virsh -r -c qemu:///system
Welcome to virsh, the virtualization interactive terminal.

Type: 'help' for help with commands
      'quit' to quit

virsh > console RHEL6.0
Connected to domain RHEL6.1
Escape character is ^]

virsh > console RHEL6.0
Connected to domain RHEL6.1
Escape character is ^]
could not read byte from child: Success
Welcome to Red Hat Enterprise Linux Server
Starting udev: [ OK ]
Setting hostname localhost.localdomain: [ OK ]
Setting up Logical Volume Management: 2 logical volume(s) in volume group "VolGroup" now active
[ OK ]
Checking filesystems
Checking all file systems.
[/sbin/fsck.ext4 (1) -- /] fsck.ext4 -a /dev/mapper/VolGroup-lv_root
/dev/mapper/VolGroup-lv_root: clean, 95143/246016 files, 607386/984064 blocks
[/sbin/fsck.ext4 (1) -- /boot] fsck.ext4 -a /dev/vda1
/dev/vda1: clean, 39/128016 files, 51317/512000 blocks
[ OK ]
Remounting root filesystem in read-write mode: [ OK ]
Mounting local filesystems: [ OK ]
Enabling local filesystem quotas: [ OK ]
Enabling /etc/fstab swaps: [ OK ]
Entering non-interactive startup
Applying Intel CPU microcode update:
Calling the system activity data collector (sadc):
Starting monitoring for VG VolGroup: 2 logical volume(s) in volume group "VolGroup" monitored
[ OK ]
ip6tables: Applying firewall rules: [ OK ]
iptables: Applying firewall rules: [ OK ]
Bringing up loopback interface: [ OK ]
Starting auditd: [ OK ]
Starting portreserve: [ OK ]
Starting system logger: [ OK ]
Starting irqbalance: [ OK ]
Starting rpcbind: [ OK ]
Starting mdmonitor: [ OK ]
Starting kdump:[ OK ]
Starting system message bus: [ OK ]
Setting network parameters... [ OK ]
Starting NetworkManager daemon: [ OK ]
Starting Avahi daemon... [ OK ]
Starting NFS statd: [ OK ]
Starting RPC idmapd: [ OK ]
Starting cups: [ OK ]
Mounting other filesystems: [ OK ]
Starting acpi daemon: [ OK ]
Starting HAL daemon: [ OK ]
Retrigger failed udev events[ OK ]
Loading autofs4: [ OK ]
Starting automount: [ OK ]
Enabling Bluetooth devices:
Starting sshd: [ OK ]
Starting postfix: [ OK ]
Starting abrt daemon: [ OK ]
[ OK ] crond: [ OK ]
[ OK ] atd: [ OK ]

Red Hat Enterprise Linux Server release 6.0 (Santiago)
Kernel 2.6.32-71.el6.x86_64 on an x86_64

localhost.localdomain login:

Since RHEL 6.1 External Beta has begun, and this bug remains unresolved, it has been rejected as it is not proposed as exception or blocker. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux.
Are you sure you ran virsh as non-root? And if you did, are you sure you were not privileged enough to be able to read the appropriate /dev/pts/... file? I tested with libvirt-0.8.1-27.el6 and I wasn't allowed to read domain's console:

$ virsh -r -c qemu:///system console guest
Connected to domain console
Escape character is ^]
16:29:50.255: error : vshRunConsole:77 : unable to open tty /dev/pts/3: Permission denied

(In reply to comment #5)
The difference here is the "#" and "$", so mine wasn't the correct non-root mode, but root. Retested with libvirt-0.8.1-27.el6, and got the same permission denied prompt. So close the bug as NOTABUG according to comment #2.
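
Added example (not part of the bug report and not libvirt code): a small C model of the two console paths discussed in this thread, showing why root on a read-only connection still reached the console on 6.0.x while a non-root user was stopped by the tty's file mode. CONN_RO, the structs, the function names and the uid/gid/mode values are hypothetical stand-ins; the permission check is simplified (no supplementary groups, ACLs, capabilities or SELinux).

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

#define CONN_RO 0x1u /* hypothetical stand-in for VIR_CONNECT_RO */

struct caller   { uid_t uid; gid_t gid; unsigned conn_flags; };
struct tty_node { uid_t owner; gid_t group; mode_t mode; };

/* Simplified DAC decision for an O_RDWR open: uid 0 bypasses the mode
 * bits; otherwise exactly one class (owner, then group, then other)
 * is consulted and it must grant both read and write. */
bool dac_allows_rdwr(const struct caller *c, const struct tty_node *t)
{
    mode_t r, w;
    if (c->uid == 0)
        return true;
    if (c->uid == t->owner)      { r = S_IRUSR; w = S_IWUSR; }
    else if (c->gid == t->group) { r = S_IRGRP; w = S_IWGRP; }
    else                         { r = S_IROTH; w = S_IWOTH; }
    return (t->mode & r) && (t->mode & w);
}

/* 6.0.x path: the client opens /dev/pts/N itself, so the connection's
 * read-only flag is never consulted; file permissions decide. */
bool console_direct_open(const struct caller *c, const struct tty_node *t)
{
    return dac_allows_rdwr(c, t);
}

/* 6.1 path: the API entry point rejects read-only connections first.
 * Device access behind the API is not modelled here. */
bool console_via_api(const struct caller *c)
{
    return !(c->conn_flags & CONN_RO);
}

int main(void)
{
    struct tty_node pty = {107, 5, 0620}; /* constructed owner/group/mode */
    struct caller who[] = {{0, 0, CONN_RO}, {500, 500, CONN_RO}, {500, 500, 0}};
    const char *name[] = {"root, RO conn", "user, RO conn", "user, RW conn"};
    for (int i = 0; i < 3; i++)
        printf("%-14s direct-open=%d api=%d\n", name[i],
               console_direct_open(&who[i], &pty), console_via_api(&who[i]));
    return 0;
}
```

The "root, RO conn" row is the case from the original report: the direct open is allowed while the API path denies it.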