[Kimchi-devel] [RFC PATCH 1/3] add a method to probe the permission as qemu user

Zhou Zheng Sheng zhshzhou at linux.vnet.ibm.com
Mon Mar 10 05:13:49 UTC 2014


on 2014/03/10 11:23, shaohef at linux.vnet.ibm.com wrote:
> From: ShaoHe Feng <shaohef at linux.vnet.ibm.com>
> 
> Now we need to check that the 'qemu' user can open an ISO file.
> 
> This patch is used to check whether the 'qemu' user has permission to open a file.
> 
> Test this patch:
> $ mkdir -p a/b/c
> $ touch a/b/c/f
> $ chmod o-x a/b/c
> $ sudo PYTHONPATH=src python -c '
> from kimchi.utils import probe_file_permission_as_user
> print probe_file_permission_as_user("a/b/c/f", "qemu")'
> 
> It will return False
> Change to another user, and it may return True.
> 
> Signed-off-by: ShaoHe Feng <shaohef at linux.vnet.ibm.com>
> ---
>  src/kimchi/utils.py | 26 ++++++++++++++++++++++++++
>  1 file changed, 26 insertions(+)
> 
> diff --git a/src/kimchi/utils.py b/src/kimchi/utils.py
> index 7b15d7f..bf48236 100644
> --- a/src/kimchi/utils.py
> +++ b/src/kimchi/utils.py
> @@ -19,12 +19,16 @@
>  #
> 
>  import cherrypy
> +import grp
> +from multiprocessing import Process, Queue
>  import os
>  import psutil
> +import pwd
>  import re
>  import subprocess
>  import urllib2
>  from threading import Timer
> +import traceback
> 
>  from cherrypy.lib.reprconf import Parser
> 
> @@ -236,3 +240,25 @@ def run_setfacl_set_attr(path, attr="r", user=""):
>      set_user = ["setfacl", "--modify", "user:%s:%s" % (user, attr), path]
>      out, error, ret = run_command(set_user)
>      return ret == 0
> +
> +
> +def probe_file_permission_as_user(file, user):
> +    def probe_permission(q, file, user):
> +        uid = pwd.getpwnam(user).pw_uid
> +        gid = pwd.getpwnam(user).pw_gid
> +        gids = [g.gr_gid for g in grp.getgrall() if user in g.gr_mem]
> +        os.setgid(gid)
> +        os.setgroups(gids)
> +        os.setuid(uid)
> +        try:
> +            with open(file):
> +                q.put((True, None))
> +        except Exception as e:
> +            kimchi_log.error(traceback.format_exc())

It's a probe action, so this exception is "as expected" and not an
"unexpected situation". This suggests that we consider using
kimchi_log.debug rather than kimchi_log.error.

> +            q.put((False, e))
> +
> +    queue = Queue()
> +    p = Process(target=probe_permission, args=(queue, file, user))
> +    p.start()
> +    p.join()
> +    return queue.get()
> 
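Review bot: in probe_permission, the pwd.getpwnam(user), os.setgid(gid), os.setgroups(gids) and os.setuid(uid) calls sit before the try block, so if any of them raises (an unknown user name, or a caller without the privilege to change identity) the child exits without putting anything on the queue and the parent's queue.get() after p.join() blocks forever. Move the identity setup inside the try so a failure comes back as (False, e), or have the parent check p.exitcode and call queue.get with a timeout. Two smaller points: the function returns a (bool, exception) tuple while the commit message says it "will return False", so a docstring stating the return shape would help callers who might test the result for truthiness (a non-empty tuple is always true); and the parameter name file shadows the Python 2 builtin.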

I like your idea. There are too many access control mechanisms in
Linux, such as ACL, traditional ugo+-rwx, SELinux and AppArmor. It's not
possible to enumerate and check every access mechanism to see if it allows
QEMU to access a file. Simply trying to access the file and seeing if it's
OK should be fine.

-- 
Thanks and best regards!

Zhou Zheng Sheng / 周征晟
E-mail: zhshzhou at linux.vnet.ibm.com
Telephone: 86-10-82454397
