On 02/26/2012 03:20 PM, Yair Zaslavsky wrote:
...
4. MLA - what permission does one need to have on source VM/snapsot to
clone it?
if a non-owner can clone a VM/snapshot, and become owner of the new
entity, need to make sure no privilege escalation flows exist.
is the intent to share the code of clone VM with AddVm (which is what
clone is), with a task to clone the disks rather than create them
(otherwise you need to duplicate the code for quota and permission
handling?)
If I understand you correctly - Cloning images commands
(AddVmFromTemplate, cloning vm from snapshot, etc..) will invoke a
CopyImage internal command.
iiuc, internal commands don't perform permission checks?
Correct, they do not.
then how do you not duplicate checks like user is allowed to the cluster
(and later, to custom properties, logical networks, shared disks, etc.)
_______________________________________________
Engine-devel mailing list
Engine-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel
