[Kimchi-devel] [PATCH] [Kimchi 1/3] Fix issue #1020: Verify libvirt access on real file path instead of symlink
Aline Manera
alinefm at linux.vnet.ibm.com
Fri Sep 23 12:21:31 UTC 2016
While checking libvirt file permission, it must be done on real file path as
it can be a symlink and it can impact the results.
Signed-off-by: Aline Manera <alinefm at linux.vnet.ibm.com>
---
model/storagevolumes.py | 3 ++-
model/templates.py | 5 +++--
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/model/storagevolumes.py b/model/storagevolumes.py
index a6ce97b..0c710b2 100644
--- a/model/storagevolumes.py
+++ b/model/storagevolumes.py
@@ -330,7 +330,8 @@ class StorageVolumeModel(object):
used_by = get_disk_used_by(self.conn, path)
if (self.libvirt_user is None):
self.libvirt_user = UserTests().probe_user()
- ret, _ = probe_file_permission_as_user(path, self.libvirt_user)
+ ret, _ = probe_file_permission_as_user(os.path.realpath(path),
+ self.libvirt_user)
res = dict(type=VOLUME_TYPE_MAP[info[0]],
capacity=info[1],
allocation=info[2],
diff --git a/model/templates.py b/model/templates.py
index 04e6626..0a6e049 100644
--- a/model/templates.py
+++ b/model/templates.py
@@ -101,8 +101,9 @@ class TemplatesModel(object):
st_mode = os.stat(path).st_mode
if stat.S_ISREG(st_mode) or stat.S_ISBLK(st_mode):
user = UserTests().probe_user()
- run_setfacl_set_attr(path, user=user)
- ret, excp = probe_file_permission_as_user(path, user)
+ realpath = os.path.realpath(path)
+ run_setfacl_set_attr(realpath, user=user)
+ ret, excp = probe_file_permission_as_user(realpath, user)
if ret is False:
raise InvalidParameter('KCHISO0008E',
{'filename': path, 'user': user,
--
2.5.5
More information about the Kimchi-devel
mailing list