Hi Ramon, Could you explain better what is the root cause of the problem? Today, Kimchi list all the ISOs found in the active pools. Each ISO is a IsoVolume instance (check model/storagevolumes.py) and it has a 'has_permission' parameter.

So what I think it is happening is we are using the wrong way to check the ISO permission and for some files has_permission is set to True when it should be False.

In this case, we need to check what you proposed on 1) is sufficient to solve that problem. Also, user can input a ISO path instead of using the options on pools. In that case, we need to check the file permission and raise an error. (Noticed, when it is a IsoVolume no exception is raised, instead of that the has_permission parameter should be properly set) Regards, Aline Manera On 10/24/2016 03:44 PM, Ramon Medeiros wrote: > > Issue: > User is allowed to create templates without permission to ISO > > Solutions propose: > > 1) Check permissions by os.access(). This function can verify read > (os.R_OK), write (os.W_OK) and execution (os.X_OK) access. > > 2) Iterate over all storagevolumes and use kimchi storagevolumes > management (each volumes has "has_permission" item) > > > Both of the solutions will raise an error if permissions are > insufficient. > > -- > > Ramon Nunes Medeiros > Kimchi Developer > Linux Technology Center Brazil > IBM Systems & Technology Group > Phone : +55 19 2132 7878 > ramonn(a)br.ibm.com > > > _______________________________________________ > Kimchi-devel mailing list > Kimchi-devel(a)ovirt.org > http://lists.ovirt.org/mailman/listinfo/kimchi-devel