I don't agree to change the permission in Kimchi even there is a
permission confirmation warning. It is the responsibility of the
host system administrator to change the permission.
+1
There shouldn't be a confirmation to ask user whether to change. He is
not allowed to change the permissions at all. Consider this:
1. User A burned an ISO file which includes confidential or private
information in it and he placed it in his home directory as private files.
2. Template administrator wants to create templates so he list ISO files.
3. He found the private ISO file and changed the permission.
Then other users can sign in server OS to do whatever he wants about the
ISO file.
2014/1/16 10:04, Aline Manera:
>
> Looks good for me.
>
> And I agree with Sheldon we need to add a change permission
> confirmation on UI
>
> Just a comment below.
>
> On 01/13/2014 06:14 AM, Royce Lv wrote:
>> User scenarios:
>>
>> Users may create template from ISOs from shallow/deep scan or
>> from a user specified local path. Because kimchid runs as root and
>> have access of most ISOs scanned. For qemu, however, the real user
>> to start a vm, does not always have access of the ISO to install a
>> vm. Under this circumstance, we need to denote that:
>>
>> 1. On scanning, indicate which ISOs may not be accessible by qemu user.
>> 2. When create a template from an ISO which qemu does not have
>> access , ask if user want to fix permission, if not, disable the
>> template.
>
> Why should we allow a user create a template that will be disabled
> because the ISO isn't accessible?
>
>> 3. If user accept fix permission, change permission of template cdrom.
>>
>> Rest API will look like:
>> 1. scanning and report
>> GET /storagepools/pool-1/storagevolumes/iso-volume
>> {'type': 'raw', 'path':
'/home/i-am-an-iso.iso', 'accessible':
>> False}
>>
>> 2. Create template
>> POST /templates
>> {'name': 'template-1'
>> 'cdrom': 'a-b-c'} "a-b-c.iso" not accessible by
qemu
>> ---->
>> {'name': 'template-1', 'status': 'disable'}
>> NOTE: template in 'disable' status may because of any of its
>> facility not active (storagepool, iso, network, etc)
>>
>> 3. Fix permission(Permission fix just open for template, we don't
>> support fix for single volume/path temporarily)
>> PUT /templates/t-1/cdrom {'accessible': True}
>
> _______________________________________________
> Kimchi-devel mailing list
> Kimchi-devel(a)ovirt.org
>
http://lists.ovirt.org/mailman/listinfo/kimchi-devel
>
_______________________________________________
Kimchi-devel mailing list
Kimchi-devel(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/kimchi-devel