On 02/26/2012 03:20 PM, Yair Zaslavsky wrote:
...
>>> 4. MLA - what permission does one need to have on source VM/snapshot to
>>> clone it?
>>> if a non-owner can clone a VM/snapshot, and become owner of the new
>>> entity, need to make sure no privilege escalation flows exist.
>>> is the intent to share the code of clone VM with AddVm (which is what
>>> clone is), with a task to clone the disks rather than create them
>>> (otherwise you need to duplicate the code for quota and permission
>>> handling?)
>> If I understand you correctly - Cloning images commands
>> (AddVmFromTemplate, cloning vm from snapshot, etc..) will invoke a
>> CopyImage internal command.
>
> iiuc, internal commands don't perform permission checks?
Correct, they do not.
then how do you not duplicate checks like user is allowed to the cluster
(and later, to custom properties, logical networks, shared disks, etc.)