All new accounts created on Gitlab now require administrator approval. If you invite any collaborators, please let Flux staff know so they can approve the accounts.

Commit c27127bb authored by Ryan Jackson's avatar Ryan Jackson

Run frisbeelauncher as admin for subbosses

Subbosses make XMLRPC requests as the user 'elabman' which doesn't
belong to any projects, and therefore has no rights to non-global
images.  The easiset way to solve this is to run frisbeelauncher with
admin privileges when a subboss requests it.

We already check to make sure the requesting user has permission to use
the image in libosload well before we hand the request to the subboss,
so if the subboss requests the image we can trust it.
parent d312054b
......@@ -4614,7 +4614,12 @@ class subboss:
argstr = escapeshellarg(str(argdict["imageid"]))
(exitval, output) = runcommand(TBDIR + "/sbin/frisbeelauncher " + argstr)
# We need admin privileges for non-global images since elabman won't
# belong to any projects. We've already checked to make sure the user
# has permission to load the image in libosload so we don't need to
# check again in frisbeelauncher. Only a subboss can make this request
# anyway.
(exitval, output) = runcommand(TBDIR + "/sbin/wap " + TBDIR + "/sbin/frisbeelauncher " + argstr)
if exitval:
return EmulabResponse(RESPONSE_ERROR, exitval >> 8, output=output)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment