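def has_priv(self, priv, conn=None):
    """Return whether this user looks privileged enough for *priv*.

    This is a best-effort estimate and isn't entirely accurate
    currently, especially on Solaris. Treat the answer as a hint for
    the caller, not as an authorization decision.

    priv -- one of the PRIV_* values listed in self._privs.
    conn -- optional connection URI string. Only its first three
            characters are inspected here; it is also handed to
            _util.is_qemu_system() for the network check.

    Returns True or False, except for PRIV_CREATE_NETWORK as a
    non-root user, where the value of _util.is_qemu_system(conn) is
    returned as-is. Raises ValueError if *priv* is not a known
    privilege.
    """
    if priv not in self._privs:
        raise ValueError('unknown privilege %s' % priv)

    if priv == self.PRIV_QEMU_SYSTEM:
        return self._euid == 0

    if priv == self.PRIV_CREATE_NETWORK:
        return (self._euid == 0) or _util.is_qemu_system(conn)

    if platform.system() != 'SunOS':
        # A missing connection is treated like Xen, i.e. root only.
        is_xen = not conn or conn.lower().startswith('xen')
        if priv in (self.PRIV_CLONE, self.PRIV_CREATE_DOMAIN):
            if is_xen:
                return self._euid == 0
            # Non-Xen connection: nothing is checked locally here.
            return True
        return self._euid == 0

    # Solaris. Not easy to work out! The credential lookup below
    # describes the current process, so it only applies when this
    # object is the current user; otherwise fall back to a root check.
    if self._euid != User.current().euid:
        return self._euid == 0

    # Solaris-only module, imported lazily so other platforms never
    # need it.
    import ucred
    cred = ucred.get(os.getpid())

    # PRIV_CREATE_NETWORK has already been answered above; it stays in
    # this list so the mapping still reads completely.
    if priv in (self.PRIV_CLONE, self.PRIV_CREATE_DOMAIN,
                self.PRIV_CREATE_NETWORK):
        return cred.has_priv('Effective', 'virt_manage')

    if priv == self.PRIV_NFS_MOUNT:
        return (cred.has_priv('Effective', 'sys_mount') and
                cred.has_priv('Effective', 'net_privaddr'))

    # Fail closed: no rule above grants this privilege. The function
    # previously fell off the end here and returned None.
    return False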
def has_priv(self, priv, conn=None):
    """Return whether this user looks privileged enough for *priv*.

    This isn't entirely accurate currently, especially on Solaris.

    priv -- one of the PRIV_* values listed in self._privs.
    conn -- optional connection; forwarded to _util.is_qemu_system()
            and, on Solaris, to self._sun_has_priv().

    Raises ValueError if *priv* is not a known privilege.
    """
    if priv not in self._privs:
        raise ValueError('unknown privilege %s' % priv)

    # Only root counts as privileged for qemu:///system.
    if priv == self.PRIV_QEMU_SYSTEM:
        return self._euid == 0

    # Root may always create networks; anyone else only when the
    # helper reports a qemu system connection.
    if priv == self.PRIV_CREATE_NETWORK:
        if self._euid == 0:
            return True
        return _util.is_qemu_system(conn)

    on_solaris = platform.system() == 'SunOS'
    if on_solaris:
        return self._sun_has_priv(priv, conn)

    # Everywhere else the presence of a connection is assumed to mean
    # the user is privileged enough.
    # NOTE(review): this branch is fail-open. It inspects neither conn
    # (which may still be None) nor the euid, so a True from here must
    # not be read as an authorization decision; the operation itself
    # still has to be enforced where it is carried out.
    return True
def is_qemu_system(self):
    """Return _util.is_qemu_system() for this object's connection and URI."""
    # Read the connection first, then the URI, and let the shared
    # helper make the decision.
    connection = self.conn
    uri = self.get_uri()
    return _util.is_qemu_system(connection, uri)