Re: [Kimchi-devel] [RFC] Issues #970: ISOs that do not have proper permission is still being allowed to be used when creating a template
Hi Ramon,
Could you explain better what is the root cause of the problem?
Today, Kimchi list all the ISOs found in the active pools. Each ISO is a
IsoVolume instance (check model/storagevolumes.py) and it has a
'has_permission' parameter.
So what I think it is happening is we are using the wrong way to check
the ISO permission and for some files has_permission is set to True when
it should be False.
In this case, we need to check what you proposed on 1) is sufficient to
solve that problem.
Also, user can input a ISO path instead of using the options on pools.
In that case, we need to check the file permission and raise an error.
(Noticed, when it is a IsoVolume no exception is raised, instead of that
the has_permission parameter should be properly set)
Regards,
Aline Manera
On 10/24/2016 03:44 PM, Ramon Medeiros wrote:
Issue:
User is allowed to create templates without permission to ISO
Solutions propose:
1) Check permissions by os.access(). This function can verify read
(os.R_OK), write (os.W_OK) and execution (os.X_OK) access.
2) Iterate over all storagevolumes and use kimchi storagevolumes
management (each volumes has "has_permission" item)
Both of the solutions will raise an error if permissions are insufficient.
--
Ramon Nunes Medeiros
Kimchi Developer
Linux Technology Center Brazil
IBM Systems & Technology Group
Phone : +55 19 2132 7878
ramonn(a)br.ibm.com
_______________________________________________
Kimchi-devel mailing list
Kimchi-devel(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/kimchi-devel
Attachments:
- attachment.html (text/html — 2.7 KB)