[Kimchi-devel] [RFC][PATCH V3 1/3] add a method to probe the permission as qemu user

shaohef at linux.vnet.ibm.com shaohef at linux.vnet.ibm.com
Mon Mar 10 15:01:58 UTC 2014


From: ShaoHe Feng <shaohef at linux.vnet.ibm.com>

Now we need to check the 'qemu' user can open an iso files.

This patch is used to check 'qemu' user has permission to open a file.

Test this patch:
$ mkdir -p a/b/c
$ touch a/b/c/f
$ chmod o-x a/b/c
$ sudo PYTHONPATH=src python -c '
from kimchi.utils import probe_file_permission_as_user
print probe_file_permission_as_user("a/b/c/f", "qemu")'

It will return False
change another user, it may return True

Signed-off-by: ShaoHe Feng <shaohef at linux.vnet.ibm.com>
---
 src/kimchi/utils.py | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/src/kimchi/utils.py b/src/kimchi/utils.py
index 7b15d7f..6c29e0e 100644
--- a/src/kimchi/utils.py
+++ b/src/kimchi/utils.py
@@ -19,11 +19,15 @@
 #
 
 import cherrypy
+import grp
 import os
 import psutil
+import pwd
 import re
 import subprocess
+import traceback
 import urllib2
+from multiprocessing import Process, Queue
 from threading import Timer
 
 from cherrypy.lib.reprconf import Parser
@@ -236,3 +240,25 @@ def run_setfacl_set_attr(path, attr="r", user=""):
     set_user = ["setfacl", "--modify", "user:%s:%s" % (user, attr), path]
     out, error, ret = run_command(set_user)
     return ret == 0
+
+
+def probe_file_permission_as_user(file, user):
+    def probe_permission(q, file, user):
+        uid = pwd.getpwnam(user).pw_uid
+        gid = pwd.getpwnam(user).pw_gid
+        gids = [g.gr_gid for g in grp.getgrall() if user in g.gr_mem]
+        os.setgid(gid)
+        os.setgroups(gids)
+        os.setuid(uid)
+        try:
+            with open(file):
+                q.put((True, None))
+        except Exception as e:
+            kimchi_log.debug(traceback.format_exc())
+            q.put((False, e))
+
+    queue = Queue()
+    p = Process(target=probe_permission, args=(queue, file, user))
+    p.start()
+    p.join()
+    return queue.get()
-- 
1.8.4.2




More information about the Kimchi-devel mailing list