
on 2014/03/10 11:23, shaohef@linux.vnet.ibm.com wrote:
From: ShaoHe Feng <shaohef@linux.vnet.ibm.com>
Now we need to check that the 'qemu' user can open an ISO file.
This patch is used to check whether the 'qemu' user has permission to open a file.
Test this patch:
$ mkdir -p a/b/c
$ touch a/b/c/f
$ chmod o-x a/b/c
$ sudo PYTHONPATH=src python -c '
from kimchi.utils import probe_file_permission_as_user
print probe_file_permission_as_user("a/b/c/f", "qemu")'
It will return False. Change to another user, and it may return True.
Signed-off-by: ShaoHe Feng <shaohef@linux.vnet.ibm.com> --- src/kimchi/utils.py | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+)
diff --git a/src/kimchi/utils.py b/src/kimchi/utils.py index 7b15d7f..bf48236 100644 --- a/src/kimchi/utils.py +++ b/src/kimchi/utils.py @@ -19,12 +19,16 @@ #
import cherrypy +import grp +from multiprocessing import Process, Queue import os import psutil +import pwd import re import subprocess import urllib2 from threading import Timer +import traceback
from cherrypy.lib.reprconf import Parser
@@ -236,3 +240,25 @@ def run_setfacl_set_attr(path, attr="r", user=""): set_user = ["setfacl", "--modify", "user:%s:%s" % (user, attr), path] out, error, ret = run_command(set_user) return ret == 0 + + +def probe_file_permission_as_user(file, user): + def probe_permission(q, file, user): + uid = pwd.getpwnam(user).pw_uid + gid = pwd.getpwnam(user).pw_gid + gids = [g.gr_gid for g in grp.getgrall() if user in g.gr_mem] + os.setgid(gid) + os.setgroups(gids) + os.setuid(uid) + try: + with open(file): + q.put((True, None)) + except Exception as e: + kimchi_log.error(traceback.format_exc())
It's a probe action, so this exception is "as expected" and not an "unexpected situation". This suggests that we consider using kimchi_log.debug rather than kimchi_log.error.
+ q.put((False, e)) + + queue = Queue() + p = Process(target=probe_permission, args=(queue, file, user)) + p.start() + p.join() + return queue.get()
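Review bot: in probe_permission, the pwd.getpwnam(user) lookups and the os.setgid / os.setgroups / os.setuid calls sit outside the try block, so an unknown user name (KeyError) or a caller without the privilege to change ids (OSError) ends the child process without putting anything on the queue, and the parent's queue.get() after p.join() then blocks forever. Move the lookup and the id changes inside the try so that a (False, e) result is always queued, or have the parent check p.exitcode (or call queue.get with a timeout) before reading. Two smaller points in the same hunk: pwd.getpwnam(user) is called twice where one lookup stored in a local would do, and the parameter name file shadows the Python 2 builtin, so a name such as path would be clearer.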
I like your idea. There are too many access controlling mechanisms in Linux, such as ACL, traditional ugo+-rwx, SELinux and AppArmor. It's not possible to enumerate and check every access mechanism to see if it allows QEMU to access a file. Simply trying to access the file and seeing if it's OK should be fine.

--
Thanks and best regards!
Zhou Zheng Sheng / 周征晟
E-mail: zhshzhou@linux.vnet.ibm.com
Telephone: 86-10-82454397