def has_priv(self, priv, conn=None):
"""Return if the given user is privileged enough to perform the
given operation. This isn't entirely accurate currently,
especially on Solaris."""
if priv not in self._privs:
raise ValueError('unknown privilege %s' % priv)
if priv == self.PRIV_QEMU_SYSTEM:
return self._euid == 0
if priv == self.PRIV_CREATE_NETWORK:
return (self._euid == 0) or _util.is_qemu_system(conn)
if platform.system() != 'SunOS':
is_xen = not conn or conn.lower()[0:3] == 'xen'
if priv in [ self.PRIV_CLONE, self.PRIV_CREATE_DOMAIN ]:
if is_xen:
return self._euid == 0
return True
return self._euid == 0
# Not easy to work out!
if self._euid != User.current().euid:
return self._euid == 0
import ucred
cred = ucred.get(os.getpid())
if priv in [ self.PRIV_CLONE, self.PRIV_CREATE_DOMAIN, self.PRIV_CREATE_NETWORK ]:
return cred.has_priv('Effective', 'virt_manage')
if priv == self.PRIV_NFS_MOUNT:
return (cred.has_priv('Effective', 'sys_mount') and
cred.has_priv('Effective', 'net_privaddr'))
def has_priv(self, priv, conn=None):
"""Return if the given user is privileged enough to perform the
given operation. This isn't entirely accurate currently,
especially on Solaris."""
if priv not in self._privs:
raise ValueError('unknown privilege %s' % priv)
if priv == self.PRIV_QEMU_SYSTEM:
return self._euid == 0
if priv == self.PRIV_CREATE_NETWORK:
return (self._euid == 0) or _util.is_qemu_system(conn)
if platform.system() == 'SunOS':
return self._sun_has_priv(priv, conn)
# For all others, just assume that prescence of a connection
# means we are privileged enough
return True
def is_qemu_system(self):
return _util.is_qemu_system(self.conn, self.get_uri())
def is_qemu_system(self):
return _util.is_qemu_system(self.conn, self.get_uri())
