On 10/24/2016 03:59 PM, Aline Manera wrote:
Hi Ramon,

Could you explain better what is the root cause of the problem?

Today, Kimchi list all the ISOs found in the active pools. Each ISO is a IsoVolume instance (check model/storagevolumes.py) and it has a 'has_permission' parameter.
Knew that.

So what I think it is happening is we are using the wrong way to check the ISO permission and for some files has_permission is set to True when it should be False.
Did not know that. This will be useful to fix this bug. Would be nice to have some scenarios to reproduce.


In this case, we need to check what you proposed on 1) is sufficient to solve that problem.

Also, user can input a ISO path instead of using the options on pools. In that case, we need to check the file permission and raise an error. (Noticed, when it is a IsoVolume no exception is raised, instead of that the has_permission parameter should be properly set)

Regards,
Aline Manera

On 10/24/2016 03:44 PM, Ramon Medeiros wrote:

Issue:
User is allowed to create templates without permission to ISO

Solutions propose:

1) Check permissions by os.access(). This function can verify read (os.R_OK), write (os.W_OK) and execution (os.X_OK) access.

2) Iterate over all storagevolumes and use kimchi storagevolumes management (each volumes has "has_permission" item)


Both of the solutions will raise an error if permissions are insufficient.

-- 

Ramon Nunes Medeiros
Kimchi Developer
Linux Technology Center Brazil
IBM Systems & Technology Group
Phone : +55 19 2132 7878
ramonn@br.ibm.com 


_______________________________________________
Kimchi-devel mailing list
Kimchi-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/kimchi-devel



-- 

Ramon Nunes Medeiros
Kimchi Developer
Linux Technology Center Brazil
IBM Systems & Technology Group
Phone : +55 19 2132 7878
ramonn@br.ibm.com