
<div dir="ltr">Hi Hyun<div><br></div><div>We've taken a look into it and it seems to be working. A couple of notes:</div><div><br></div><div>1.- VM Template is checked for restricted attributes if the owner is not oneadmin (or in oneadmin group). The rationale behind it is that oneadmin can prepare templates with "unsafe" attributes but let the user instantiate them (but not set or modify the attributes). We'll make it clearer in the doc.</div>


<div><br></div><div>2. Disk snapshot operation may use the SOURCE attribute but internally, the user cannot modify or set the SOURCE attribute.</div><div><br></div><div>Hope it makes it clearer.</div><div><br></div><div>

Cheers</div>

<div><br></div><div>Ruben</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Apr 16, 2014 at 3:22 PM, Carlos Martín Sánchez <span dir="ltr"><<a href="mailto:cmartin@opennebula.org" target="_blank">cmartin@opennebula.org</a>></span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi,<div><br></div><div>There is not much to it, it should be working as you describe. We'll try to reproduce it and fix it for 4.6 if it's broken.</div>


<div><a href="http://dev.opennebula.org/issues/2838" target="_blank">http://dev.opennebula.org/issues/2838</a></div>


<div><br></div><div>Regards.</div></div><div class="gmail_extra"><br clear="all"><div><div dir="ltr">--<br><div>Carlos Martín, MSc<br>Project Engineer</div><div>OpenNebula - Flexible Enterprise Cloud Made Simple<br><div>


<span style="border-collapse:collapse;color:rgb(136,136,136);font-family:arial,sans-serif;font-size:13px"><a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | <a href="mailto:cmartin@opennebula.org" target="_blank">cmartin@opennebula.org</a> | <a href="http://twitter.com/opennebula" target="_blank">@OpenNebula</a></span><span style="border-collapse:collapse;color:rgb(136,136,136);font-family:arial,sans-serif;font-size:13px"><a href="mailto:cmartin@opennebula.org" style="color:rgb(42,93,176)" target="_blank"></a></span></div>


</div></div></div>

<br><br><div class="gmail_quote"><div><div class="h5">On Tue, Apr 15, 2014 at 5:50 PM, Hyun Woo Kim <span dir="ltr"><<a href="mailto:hyunwoo@fnal.gov" target="_blank">hyunwoo@fnal.gov</a>></span> wrote:<br></div></div>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">


<div style="word-wrap:break-word">

<div style="font-size:14px;font-family:Calibri,sans-serif">

Hello,</div>

<div style="font-size:14px;font-family:Calibri,sans-serif">

<br>

</div>

<div style="font-size:14px;font-family:Calibri,sans-serif">

<a href="http://docs.opennebula.org/4.4/administration/references/oned_conf.html#oned-conf-restricted-attributes-configuration" target="_blank">http://docs.opennebula.org/4.4/administration/references/oned_conf.html#oned-conf-restricted-attributes-configuration</a></div>


<div style="font-size:14px;font-family:Calibri,sans-serif">

says we can use {VM,IMAGE}_RESTRICTED_ATTR </div>

<div style="font-size:14px;font-family:Calibri,sans-serif">

to <span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:left;font-style:normal;display:inline!important;font-weight:normal;float:none;line-height:19px;color:rgb(53,55,53);text-transform:none;font-size:13px;white-space:normal;font-family:Verdana,Geneva,sans-serif;word-spacing:0px">restrict

 users outside the oneadmin group</span></div>

<div style="font-size:14px;font-family:Calibri,sans-serif">

<span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:left;font-style:normal;display:inline!important;font-weight:normal;float:none;line-height:19px;color:rgb(53,55,53);text-transform:none;font-size:13px;white-space:normal;font-family:Verdana,Geneva,sans-serif;word-spacing:0px"><br>


</span></div>

<div style="font-size:14px;font-family:Calibri,sans-serif">

<span style="color:rgb(53,55,53);font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:19px;text-align:left;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none;background-color:rgb(254,255,254);font-family:Verdana,Geneva,sans-serif">but

 I experiment as a user whose group is users, not oneadmin</span></div>

<div style="font-size:14px;font-family:Calibri,sans-serif">

<span style="color:rgb(53,55,53);font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:19px;text-align:left;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none;background-color:rgb(254,255,254);font-family:Verdana,Geneva,sans-serif">to

 launch a VM from a vm.template with CONTEXT/FILES</span></div>

<div style="font-size:14px;font-family:Calibri,sans-serif">

<span style="color:rgb(53,55,53);font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:19px;text-align:left;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none;background-color:rgb(253,255,253);font-family:Verdana,Geneva,sans-serif">and

 onevm disk-snapshot command which must use SOURCE attribute,</span></div>

<div style="font-size:14px;font-family:Calibri,sans-serif">

<span style="color:rgb(53,55,53);font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:19px;text-align:left;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none;background-color:rgb(252,255,252);font-family:Verdana,Geneva,sans-serif">both

 work, i.e. restricted_attr do not seem to work..</span></div>

<div style="font-size:14px;font-family:Calibri,sans-serif">

<span style="color:rgb(53,55,53);font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:19px;text-align:left;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none;background-color:rgb(252,255,252);font-family:Verdana,Geneva,sans-serif"><br>


</span></div>

<div style="font-size:14px;font-family:Calibri,sans-serif">

<span style="color:rgb(53,55,53);font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:19px;text-align:left;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none;background-color:rgb(251,255,250);font-family:Verdana,Geneva,sans-serif">Am

 I missing something?</span></div>

<div style="text-align:left"><font color="#353735" face="Verdana,Geneva,sans-serif"><span style="font-size:13px;line-height:19px"><br>

</span></font></div>

<div style="text-align:left"><font color="#353735" face="Verdana,Geneva,sans-serif"><span style="font-size:13px;line-height:19px">Thanks,</span></font></div>

<div style="font-size:14px;font-family:Calibri,sans-serif">

<span style="color:rgb(53,55,53);font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:19px;text-align:left;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none;background-color:rgb(250,255,248);font-family:Verdana,Geneva,sans-serif">Hyunwoo

 KIM</span></div>

<div style="text-align:left"><font color="#353735" face="Verdana,Geneva,sans-serif"><span style="font-size:13px;line-height:19px">FermiCloud</span></font></div>

<div style="text-align:left"><font color="#353735" face="Verdana,Geneva,sans-serif"><span style="font-size:13px;line-height:19px"><br>

</span></font></div>

<div style="font-size:14px;font-family:Calibri,sans-serif">

<br>

</div>

</div>


<br></div></div>_______________________________________________<br>

Users mailing list<br>

<a href="mailto:Users@lists.opennebula.org" target="_blank">Users@lists.opennebula.org</a><br>

<a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>

<br></blockquote></div><br></div>

<br>_______________________________________________<br>

Users mailing list<br>

<a href="mailto:Users@lists.opennebula.org">Users@lists.opennebula.org</a><br>

<a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>

<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><div><div>-- <br></div></div>Ruben S. Montero, PhD<br>Project co-Lead and Chief Architect<div>OpenNebula - Flexible Enterprise Cloud Made Simple<br>


<a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | <a href="mailto:rsmontero@opennebula.org" target="_blank">rsmontero@opennebula.org</a> | @OpenNebula</div></div>

</div>