On 11-Feb-11 14:54, Marcelo Vanzin wrote:
> On 02/10/2011 12:18 AM, James Ko wrote:
>> I have a restricted shell which limits the user from the underlying linux apps
>> and filesystem but authorization is using the usual mechanisms.  VIX would
>> allow access to the underlying filesystem bypassing the restricted shell.
>>
>> As for the logs, the user is showing guestUserName=hostd-quiescedsnap but
>> VMAutomation_ReadGuestOperationPolicies fails. hostPolicyString is NULL
>> VixAutomation_IsGuestOperationAllowed fails. No policy for this operation
>>
>> Is this the reason for the failure?
>> What is the required policy and how does this need to be set?
> The logs you sent earlier seem to imply that you don't have the VIX guest
> components running (see all VIX_E_UNRECOGNIZED_COMMAND_IN_GUEST). If that's the
> case, it's the first problem you need to fix.
>
> As far as the policy, I've been told that no configuration is needed for things
> to work. So make sure you have the VIX components running inside the VM if you
> want that to work, and let me know if you still get failures.
>
> Unfortunately your use case (restricted shell) wasn't really envisioned when
> this system was designed; so either you run VIX or, with the current version of
> ESX, lose the cloning functionality. On ESX 5.0 (yet to be released) the code
> path is different and doesn't use VIX anymore.
>

I loaded the missing libraries and was able to get cloning working.
Am I correct in my thinking that if I don't include the /etc/pam.d/vmtoolsd
file, then guest user authentication cannot take place, which effectively
blocks unintended guest user operation through VIX?  The quiesce operation
of cloning does not require guest authorization, correct?

Jim


_______________________________________________
open-vm-tools-devel mailing list
open-vm-tools-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/open-vm-tools-devel