[Engine-devel] Clone VM from snapshot feature
Yair Zaslavsky
yzaslavs at redhat.com
Sun Feb 26 13:24:16 UTC 2012
On 02/26/2012 03:19 PM, Itamar Heim wrote:
> On 02/26/2012 03:20 PM, Yair Zaslavsky wrote:
> ...
>>>>> 4. MLA - what permission does one need to have on source VM/snapsot to
>>>>> clone it?
>>>>> if a non-owner can clone a VM/snapshot, and become owner of the new
>>>>> entity, need to make sure no privilege escalation flows exist.
>>>>> is the intent to share the code of clone VM with AddVm (which is what
>>>>> clone is), with a task to clone the disks rather than create them
>>>>> (otherwise you need to duplicate the code for quota and permission
>>>>> handling?)
>>>> If I understand you correctly - Cloning images commands
>>>> (AddVmFromTemplate, cloning vm from snapshot, etc..) will invoke a
>>>> CopyImage internal command.
>>>
>>> iiuc, internal commands don't perform permission checks?
>> Correct, they do not.
>
> then how do you not duplicate checks like user is allowed to the cluster
> (and later, to custom properties, logical networks, shared disks, etc.)
Not sure if I understand - are you asking if why I'm not duplicating
this from the original VM?
More information about the Engine-devel
mailing list