Esempio n. 1
    def has_priv(self, priv, conn=None):
        """Estimate whether this user may perform the operation named by priv.

        The answer is a heuristic built from the stored effective uid, the
        prefix of the connection URI and, on SunOS, the effective privilege
        set of the calling process. It is not entirely accurate, especially
        on Solaris.
        NOTE(review): presumably callers should treat the result as advisory
        and not as the enforcement decision itself -- confirm against callers.

        Args:
            priv: one of the privilege constants listed in self._privs.
            conn: optional connection URI string. Off SunOS, a missing or
                empty value is handled like a Xen connection.

        Returns:
            A truthy value when the operation looks permitted. On SunOS a
            privilege that matches none of the branches falls off the end
            and yields None, which reads as "not permitted".

        Raises:
            ValueError: if priv is not in self._privs.
        """
        if priv not in self._privs:
            raise ValueError('unknown privilege %s' % priv)

        # System-wide QEMU access is granted to root only.
        if priv == self.PRIV_QEMU_SYSTEM:
            return self._euid == 0

        # Root may always create networks; otherwise defer to the helper,
        # which is only consulted when the euid test fails.
        if priv == self.PRIV_CREATE_NETWORK:
            return (self._euid == 0) or _util.is_qemu_system(conn)

        if platform.system() != 'SunOS':
            # No URI, or a URI starting with "xen", takes the stricter path.
            xen_like = not conn or conn.lower()[:3] == 'xen'
            domain_privs = (self.PRIV_CLONE, self.PRIV_CREATE_DOMAIN)
            if priv in domain_privs and not xen_like:
                # Cloning/creating domains on a non-Xen connection is
                # reported as allowed for any user.
                return True
            # Everything else off SunOS requires root.
            return self._euid == 0

        # SunOS: the credential lookup below inspects the *current process*,
        # so it only describes this user when the euids match. For any other
        # user, fall back to the plain root test.
        caller_euid = User.current().euid
        if self._euid != caller_euid:
            return self._euid == 0

        import ucred
        proc_cred = ucred.get(os.getpid())
        # PRIV_CREATE_NETWORK has already returned above, so its presence in
        # this tuple cannot be reached from here.
        manage_privs = (self.PRIV_CLONE,
                        self.PRIV_CREATE_DOMAIN,
                        self.PRIV_CREATE_NETWORK)
        if priv in manage_privs:
            return proc_cred.has_priv('Effective', 'virt_manage')
        if priv == self.PRIV_NFS_MOUNT:
            # Both privileges must be in the effective set.
            return (proc_cred.has_priv('Effective', 'sys_mount') and
                    proc_cred.has_priv('Effective', 'net_privaddr'))
Esempio n. 2
    def _sun_has_priv(self, priv, conn=None):
        """Check priv against the calling process's effective privilege set.

        The credential lookup inspects the current process (os.getpid()), so
        it is only used when this user's euid equals the current user's
        euid; for any other user the answer is simply "is root".

        Args:
            priv: privilege constant to test.
            conn: accepted but not used by this method.

        Returns:
            A truthy value when the privilege looks available. A priv that
            matches none of the branches falls off the end and yields None,
            which reads as "not permitted".
        """
        # Not easy to work out!
        caller_euid = User.current().euid
        if self._euid != caller_euid:
            return self._euid == 0

        import ucred
        proc_cred = ucred.get(os.getpid())
        manage_privs = (self.PRIV_CLONE,
                        self.PRIV_CREATE_DOMAIN,
                        self.PRIV_CREATE_NETWORK)
        if priv in manage_privs:
            return proc_cred.has_priv('Effective', 'virt_manage')
        if priv == self.PRIV_NFS_MOUNT:
            # Both privileges must be in the effective set.
            return (proc_cred.has_priv('Effective', 'sys_mount') and
                    proc_cred.has_priv('Effective', 'net_privaddr'))
Esempio n. 3
# NOTE(review): these look like fixed slot numbers assigned per device type;
# the excerpt starts partway through the list, so lower-numbered slots are
# not visible here -- confirm meanings against the rest of the file.
DISK_SLOT2 = 8
PPT_SLOT = 9
RNG_SLOT = 10
VIRTFS_SLOT = 11
CINIT_SLOT = 29
VNC_SLOT = 30
LPC_SLOT_WIN = 31

##############################################################################

# Run-time options and their defaults.
sysboot = False
zone = None
xmlfile = None

# Credentials of this process. Without sys_config in the effective privilege
# set the script silently drops into test mode instead of failing.
uc = ucred.get(os.getpid())
testmode = not uc.has_priv("Effective", "sys_config")

if not testmode:
    try:
        # The requested 0o755 is still filtered through the process umask.
        os.mkdir(STATEDIR, mode=0o755)
    except FileExistsError:
        # NOTE(review): anything already present at STATEDIR is accepted
        # as-is; its owner, mode and type (directory vs. file or symlink)
        # are not checked here.
        pass


def usage(msg=None):
    print('''
boot [-S] [-t] [-x xml] <[-z] zone>
   -S   System initialisation (host boot) mode
   -t   Test mode - just show what would be done
Esempio n. 4
#!/usr/bin/python

import ucred
import os

# Fetch the credential of this process; everything below only reads from it.
uc = ucred.get(os.getpid())

# Identity fields: process id, effective/real/saved uid and gid, zone,
# project, supplementary groups and label.
print("pid = %d" % uc.getpid())
print("euid = %d" % uc.geteuid())
print("ruid = %d" % uc.getruid())
print("suid = %d" % uc.getsuid())
print("egid = %d" % uc.getegid())
print("rgid = %d" % uc.getrgid())
print("sgid = %d" % uc.getsgid())
print("zoneid = %d" % uc.getzoneid())
print("projid = %d" % uc.getprojid())
print("groups = %s" % uc.getgroups())
print("label = %s" % uc.getlabel())

# Process flags, queried by raw flag value.
print("getpflags(0x1) = %d" % uc.getpflags(0x1))
print("getpflags(0x2) = %d" % uc.getpflags(0x2))

# The same privilege can differ between sets, so each set is queried
# separately (Effective, Permitted, Inheritable, Limit).
print("has_priv(Effective, proc_fork) = %d" % uc.has_priv("Effective", "proc_fork"))
print("has_priv(Permitted, proc_fork) = %d" % uc.has_priv("Permitted", "proc_fork"))
print("has_priv(Inheritable, proc_fork) = %d" % uc.has_priv("Inheritable", "proc_fork"))
print("has_priv(Limit, file_setid) = %d" % uc.has_priv("Limit", "file_setid"))
print("has_priv(Effective, file_setid) = %d" % uc.has_priv("Effective", "file_setid"))

# "proc_bork" is not a real privilege name; the lookup is expected to raise
# OSError, which is printed here so the script keeps going.
try:
    uc.has_priv("Effective", "proc_bork")
except OSError as e:
    print(e)
try: