于 2013年12月23日 22:25, shaohef@linux.vnet.ibm.com 写道:
From: ShaoHe Feng <shaohef@linux.vnet.ibm.com>
We want to fix the searchable permission for qemu user. But we should find the username of qemu process firstly.
searchable permission is a known problem. We have discussed several times on IRC.
Royce reports the qemu username is different on different distros
Adam, Aline, Royce and I think we can probe qemu username with the similar method of qemu iso stream support.
Signed-off-by: ShaoHe Feng <shaohef@linux.vnet.ibm.com> Signed-off-by: Royce Lv <lvroyce@linux.vnet.ibm.com> Signed-off-by: Aline Manera <alinefm@linux.vnet.ibm.com> --- src/kimchi/kvmusertests.py | 63 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 src/kimchi/kvmusertests.py
diff --git a/src/kimchi/kvmusertests.py b/src/kimchi/kvmusertests.py new file mode 100644 index 0000000..6552dc1 --- /dev/null +++ b/src/kimchi/kvmusertests.py @@ -0,0 +1,63 @@ +# +# Project Kimchi +# +# Copyright IBM, Corp. 2013 +# +# Authors: +# ShaoHe Feng <shaohef@linux.vnet.ibm.com> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +import libvirt +import uuid +import psutil + +SIMPLE_VM_XML = """ +<domain type='kvm'> + <name>VM-test</name> + <uuid>%s</uuid> + <memory unit='KiB'>32768</memory> + <os> + <type arch='x86_64' machine='pc-0.15'>hvm</type> + <boot dev='hd'/> + </os> +</domain>""" + + +class UserTests(object): + def __init__(self): + self.vm_uuid = uuid.uuid3(uuid.NAMESPACE_DNS, 'vm-test.kimchi.org') + + def probe_user(self): + xml = SIMPLE_VM_XML % self.vm_uuid + user = 'qemu' + try: + conn = libvirt.open('qemu:///system') + dom = conn.defineXML(xml) + dom.create() + for p in psutil.process_iter(): + if self.vm_uuid in p.cmdline: + user = p.username + break
Hello. Is the following method better? I think reading the pid file can save us from iterating the process list. with open('/var/run/libvirt/qemu/VM-test.pid') as f: pidStr = f.read() p = psutil.Process(int(pidstr)) user = p.username
+ dom.destroy() + dom.undefine() + conn.close() + return user + except libvirt.libvirtError: + return None + +if __name__ == '__main__': + ut = UserTests() + print ut.probe_user()
-- Thanks and best regards! Zhou Zheng Sheng / 周征晟 E-mail: zhshzhou@linux.vnet.ibm.com Telephone: 86-10-82454397