[Kimchi-devel] [RFC] Issues #970: ISOs that do not have proper permission is still being allowed to be used when creating a template

Ramon Medeiros ramonn at linux.vnet.ibm.com
Mon Oct 24 19:24:19 UTC 2016



On 10/24/2016 03:59 PM, Aline Manera wrote:
> Hi Ramon,
>
> Could you explain better what is the root cause of the problem?
>
> Today, Kimchi lists all the ISOs found in the active pools. Each ISO is 
> an IsoVolume instance (check model/storagevolumes.py) and it has a 
> 'has_permission' parameter.
Knew that.
>
> So what I think it is happening is we are using the wrong way to check 
> the ISO permission and for some files has_permission is set to True 
> when it should be False.
Did not know that. This will be useful to fix this bug. Would be nice to 
have some scenarios to reproduce.


> In this case, we need to check whether what you proposed in 1) is 
> sufficient to solve that problem.
>
> Also, the user can input an ISO path instead of using the options on 
> pools. In that case, we need to check the file permission and raise an 
> error. (Notice that when it is an IsoVolume no exception is raised; 
> instead, the has_permission parameter should be properly set)
>
> Regards,
> Aline Manera
>
> On 10/24/2016 03:44 PM, Ramon Medeiros wrote:
>>
>> Issue:
>> User is allowed to create templates without permission to ISO
>>
>> Proposed solutions:
>>
>> 1) Check permissions by os.access(). This function can verify read 
>> (os.R_OK), write (os.W_OK) and execution (os.X_OK) access.
>>
>> 2) Iterate over all storagevolumes and use kimchi storagevolumes 
>> management (each volume has a "has_permission" item)
>>
>>
>> Both of the solutions will raise an error if permissions are 
>> insufficient.
>>
>> -- 
>>
>> Ramon Nunes Medeiros
>> Kimchi Developer
>> Linux Technology Center Brazil
>> IBM Systems & Technology Group
>> Phone : +55 19 2132 7878
>> ramonn at br.ibm.com  
>>
>>
>

-- 

Ramon Nunes Medeiros
Kimchi Developer
Linux Technology Center Brazil
IBM Systems & Technology Group
Phone : +55 19 2132 7878
ramonn at br.ibm.com
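
Added example (not part of the original thread and not Kimchi's code): os.access() from option 1 answers for the calling process's real uid/gid, so a check made by a daemon running as root returns True for almost any file. The sketch below evaluates the mode bits for a named identity instead; that the ISO is read by a different account than the one running the check is an assumption, and `can_read_as` and `demo` are hypothetical names.

```python
import os
import shutil
import stat
import tempfile

def can_read_as(path, uid, gids):
    """True if identity (uid, gids) could open `path` for reading, judged
    from classic mode bits only (ACLs, SELinux and capabilities are ignored)."""
    if uid == 0:
        # root bypasses mode bits, so a check run as root says nothing
        # about what another account can read.
        return os.path.isfile(path)

    def allowed(st, owner_bit, group_bit, other_bit):
        # POSIX selects exactly one class: owner, else group, else other.
        if st.st_uid == uid:
            return bool(st.st_mode & owner_bit)
        if st.st_gid in gids:
            return bool(st.st_mode & group_bit)
        return bool(st.st_mode & other_bit)

    path = os.path.realpath(path)
    try:
        # Every ancestor directory must be searchable (x bit) by the identity.
        d = os.path.dirname(path)
        while True:
            if not allowed(os.stat(d), stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH):
                return False
            if d == os.path.dirname(d):
                break
            d = os.path.dirname(d)
        st = os.stat(path)
    except OSError:
        return False
    return stat.S_ISREG(st.st_mode) and allowed(
        st, stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH)

def demo():
    """Constructed sample: a 0600 'ISO' inside a 0700 directory owned by the
    caller. Returns (os.access answer, answer for an unrelated identity)."""
    d = tempfile.mkdtemp()
    iso = os.path.join(d, "sample.iso")
    with open(iso, "wb") as f:
        f.write(b"\0" * 16)
    os.chmod(iso, 0o600)
    st = os.stat(iso)
    other_uid, other_gid = st.st_uid + 12345, st.st_gid + 12345  # constructed ids
    result = (os.access(iso, os.R_OK), can_read_as(iso, other_uid, {other_gid}))
    shutil.rmtree(d)
    return result
```

For the has_permission flag discussed above, the identity passed in would be the account that actually opens the ISO, not the one serving the request.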
