<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 10/24/2016 03:59 PM, Aline Manera
wrote:<br>
</div>
<blockquote
cite="mid:b48c7f7b-acd2-f475-cdeb-d40a77cd6ef1@linux.vnet.ibm.com"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
Hi Ramon,<br>
<br>
Could you explain better what is the root cause of the problem?<br>
<br>
Today, Kimchi list all the ISOs found in the active pools. Each
ISO is a IsoVolume instance (check model/storagevolumes.py) and it
has a 'has_permission' parameter.<br>
</blockquote>
Knew that.<br>
<blockquote
cite="mid:b48c7f7b-acd2-f475-cdeb-d40a77cd6ef1@linux.vnet.ibm.com"
type="cite"> <br>
So what I think it is happening is we are using the wrong way to
check the ISO permission and for some files has_permission is set
to True when it should be False.<br>
</blockquote>
Did not know that. This will be useful to fix this bug. Would be
nice to have some scenarios to reproduce.<br>
<br>
<br>
<blockquote
cite="mid:b48c7f7b-acd2-f475-cdeb-d40a77cd6ef1@linux.vnet.ibm.com"
type="cite"> In this case, we need to check what you proposed on
1) is sufficient to solve that problem.<br>
<br>
Also, user can input a ISO path instead of using the options on
pools. In that case, we need to check the file permission and
raise an error. (Noticed, when it is a IsoVolume no exception is
raised, instead of that the has_permission parameter should be
properly set)<br>
</blockquote>
<blockquote
cite="mid:b48c7f7b-acd2-f475-cdeb-d40a77cd6ef1@linux.vnet.ibm.com"
type="cite"> <br>
Regards,<br>
Aline Manera<br>
<br>
<div class="moz-cite-prefix">On 10/24/2016 03:44 PM, Ramon
Medeiros wrote:<br>
</div>
<blockquote
cite="mid:132ba02d-cdf7-be21-397a-5fabdca2d40d@linux.vnet.ibm.com"
type="cite">
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
<p>Issue:<br>
User is allowed to create templates without permission to ISO</p>
<p>Solutions propose:<br>
</p>
<p>1) Check permissions by os.access(). This function can verify
read (os.R_OK), write (os.W_OK) and execution (os.X_OK)
access. <br>
<br>
2) Iterate over all storagevolumes and use kimchi
storagevolumes management (each volumes has "has_permission"
item)</p>
<p><br>
</p>
<p>Both of the solutions will raise an error if permissions are
insufficient.<br>
</p>
<pre class="moz-signature" cols="72">--
Ramon Nunes Medeiros
Kimchi Developer
Linux Technology Center Brazil
IBM Systems & Technology Group
Phone : +55 19 2132 7878
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:ramonn@br.ibm.com">ramonn@br.ibm.com</a> </pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Kimchi-devel mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Kimchi-devel@ovirt.org">Kimchi-devel@ovirt.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/kimchi-devel">http://lists.ovirt.org/mailman/listinfo/kimchi-devel</a>
</pre>
</blockquote>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ramon Nunes Medeiros
Kimchi Developer
Linux Technology Center Brazil
IBM Systems & Technology Group
Phone : +55 19 2132 7878
<a class="moz-txt-link-abbreviated" href="mailto:ramonn@br.ibm.com">ramonn@br.ibm.com</a> </pre>
</body>
</html>