[Kimchi-devel] [RFC] Issues #970: ISOs that do not have proper permission is still being allowed to be used when creating a template
Aline Manera
alinefm at linux.vnet.ibm.com
Mon Oct 24 17:59:04 UTC 2016
Hi Ramon,
Could you explain better what is the root cause of the problem?
Today, Kimchi list all the ISOs found in the active pools. Each ISO is a
IsoVolume instance (check model/storagevolumes.py) and it has a
'has_permission' parameter.
So what I think it is happening is we are using the wrong way to check
the ISO permission and for some files has_permission is set to True when
it should be False.
In this case, we need to check what you proposed on 1) is sufficient to
solve that problem.
Also, user can input a ISO path instead of using the options on pools.
In that case, we need to check the file permission and raise an error.
(Noticed, when it is a IsoVolume no exception is raised, instead of that
the has_permission parameter should be properly set)
Regards,
Aline Manera
On 10/24/2016 03:44 PM, Ramon Medeiros wrote:
>
> Issue:
> User is allowed to create templates without permission to ISO
>
> Solutions propose:
>
> 1) Check permissions by os.access(). This function can verify read
> (os.R_OK), write (os.W_OK) and execution (os.X_OK) access.
>
> 2) Iterate over all storagevolumes and use kimchi storagevolumes
> management (each volumes has "has_permission" item)
>
>
> Both of the solutions will raise an error if permissions are insufficient.
>
> --
>
> Ramon Nunes Medeiros
> Kimchi Developer
> Linux Technology Center Brazil
> IBM Systems & Technology Group
> Phone : +55 19 2132 7878
> ramonn at br.ibm.com
>
>
> _______________________________________________
> Kimchi-devel mailing list
> Kimchi-devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/kimchi-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/kimchi-devel/attachments/20161024/e9b1bb55/attachment.html>
More information about the Kimchi-devel
mailing list