From: Jim <jim...@ho...> - 2011-02-12 16:39:16
On 11-Feb-11 14:54, Marcelo Vanzin wrote:
> On 02/10/2011 12:18 AM, James Ko wrote:
>> I have a restricted shell which limits the user from the underlying linux apps and filesystem
>> but authorization is using the usual mechanisms. VIX would allow access to the underlying
>> filesystem bypassing the restricted shell.
>>
>> As for the logs, the user is showing guestUserName=hostd-quiescedsnap but
>> VMAutomation_ReadGuestOperationPolicies fails. hostPolicyString is NULL
>> VixAutomation_IsGuestOperationAllowed fails. No policy for this operation
>>
>> Is this the reason for the failure?
>> What is the required policy and how does this need to be set?
> The logs you sent earlier seem to imply that you don't have the VIX guest
> components running (see all VIX_E_UNRECOGNIZED_COMMAND_IN_GUEST). If that's the
> case, it's the first problem you need to fix.
>
> As far as the policy, I've been told that no configuration is needed for things
> to work. So make sure you have the VIX components running inside the VM if you
> want that to work, and let me know if you still get failures.
>
> Unfortunately your use case (restricted shell) wasn't really envisioned when
> this system was designed; so either you run VIX or, with the current version of
> ESX, lose the cloning functionality. On ESX 5.0 (yet to be released) the code
> path is different and doesn't use VIX anymore.
>

I loaded the missing libraries and was able to get cloning working.

Am I correct in my thinking that if I don't include the /etc/pam.d/vmtoolsd file then guest user authentication cannot take place, which effectively blocks unintended guest user operation through VIX?

The quiesce operation of cloning does not require guest authorization, correct?

Jim