From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Cc: Simon LEONARD <git-1001af4@sinux.sh>
Subject: Re: [pve-devel] [PATCH container 1/1] close #1543: allow low-level lxc update
Date: Mon, 27 Jan 2025 12:05:33 +0100
Message-ID: <1737975711.7o14zwq5fe.astroid@yuna.none>
In-Reply-To: <20250123222951.112660-2-git-1001af4@sinux.sh>

On January 23, 2025 11:29 pm, Simon LEONARD wrote:
> Signed-off-by: Simon LEONARD <git-1001af4@sinux.sh>
> ---
>  src/PVE/API2/LXC/Config.pm | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/src/PVE/API2/LXC/Config.pm b/src/PVE/API2/LXC/Config.pm
> index 5cbc014..0697043 100644
> --- a/src/PVE/API2/LXC/Config.pm
> +++ b/src/PVE/API2/LXC/Config.pm
> @@ -123,7 +123,13 @@ __PACKAGE__->register_method({
>  		    description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
>  		    maxLength => 40,
>  		    optional => 1,
> -		}
> +		},
> +		lxc => {
> +		    description => "Array of lxc low-level configurations ([[key1, value1], [key2, value2] ...]).",
> +		    type => 'array',
> +		    items => { type => 'array', items => { type => 'string' }},
> +		    optional => 1,
> +		},
>  	    }),
>      },
>      returns => { type => 'null'},
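Review bot: the new lxc property accepts inner arrays of any length holding strings of any content, although its description promises [key, value] pairs. Nothing in the schema limits an inner item to exactly two elements or restricts what a key may look like, so the handler receives unchecked structure; either tighten the schema or reject malformed entries in the handler before they reach $conf. The description should also state whether the supplied list replaces the container's existing lxc entries or is merged with them.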
> @@ -208,6 +214,10 @@ __PACKAGE__->register_method({
>  
>  	    my $running = PVE::LXC::check_running($vmid);
>  
> +	    if (defined($param->{lxc})) {
> +		$conf->{lxc} = $param->{lxc};

this would need to at least check that the provided values are valid
(PVE::LXC::Config::is_valid_lxc_conf_key)..

but it would also need to be limited to root@pam only (in
PVE::LXC::check_ct_modify_config_perm), since it allows overriding
fundamental settings also related to the security of the container..

what options are you frequently setting that would require this? we try
to move those to PVE-provided options with proper ACLs to avoid the need
for such root-only calls..

> +	    }
> +
>  	    my $errors = PVE::LXC::Config->update_pct_config($vmid, $conf, $running, $param, \@delete, \@revert);
>  	    # don't write to config if we get any errors – this can result in a broken config
>  	    raise_param_exc($errors) if scalar(keys %$errors);
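Review bot: the assignment $conf->{lxc} = $param->{lxc}; replaces the whole lxc list with caller-supplied data, with no per-entry check and no check of who the caller is, so any existing entry the caller does not resend is dropped and any key is accepted. Validate each pair and gate the parameter on the caller before assigning, and choose replace or merge semantics explicitly. The lxc key also stays in $param, which is passed to update_pct_config on the following context line; consume it in one place only, either here (removing it from $param) or inside update_pct_config.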
> -- 
> 2.48.1
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
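The two checks asked for in the reply above (valid keys, root@pam only), written out as an added example that is not code from the patch or from pve-container. is_valid_key_stub is a hypothetical stand-in for PVE::LXC::Config::is_valid_lxc_conf_key, whose signature and rules are not shown in this thread; check_lxc_param, the line-break check on values and the sample data are assumptions as well.

```perl
use strict;
use warnings;

# Hypothetical stand-in for PVE::LXC::Config::is_valid_lxc_conf_key;
# the real function's signature and rules are not shown in the thread.
sub is_valid_key_stub {
    my ($key) = @_;
    return $key =~ m/\Alxc\.[a-z0-9_.]+\z/ ? 1 : 0;
}

# Returns a list of error strings; an empty list means the value may be stored.
sub check_lxc_param {
    my ($authuser, $lxc) = @_;

    # Low-level keys can override security-relevant settings: root@pam only.
    return ('only root@pam may set low-level lxc options')
        if !defined($authuser) || $authuser ne 'root@pam';
    return ('lxc must be an array') if ref($lxc) ne 'ARRAY';

    my @errors;
    for my $i (0 .. $#$lxc) {
        my $entry = $lxc->[$i];
        if (ref($entry) ne 'ARRAY' || scalar(@$entry) != 2) {
            push @errors, "entry $i: expected [key, value]";
            next;
        }
        my ($key, $value) = @$entry;
        push @errors, "entry $i: invalid key"
            if !defined($key) || ref($key) || !is_valid_key_stub($key);
        # Assumption: a value is written as one config line, so a line
        # break inside it could smuggle in an extra, unchecked key.
        push @errors, "entry $i: invalid value"
            if !defined($value) || ref($value) || $value =~ m/[\r\n]/;
    }
    return @errors;
}

# Constructed sample requests, not taken from the thread.
my @samples = (
    ['root@pam', [['lxc.signal.halt', 'SIGTERM']]],
    ['alice@pve', [['lxc.signal.halt', 'SIGTERM']]],
    ['root@pam', [['lxc.signal.halt', "SIGTERM\nlxc.apparmor.profile = unconfined"]]],
    ['root@pam', [['memory', '512', 'extra']]],
);
for my $s (@samples) {
    my @err = check_lxc_param(@$s);
    print "$s->[0]: ", (@err ? join('; ', @err) : 'accepted'), "\n";
}
```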



Thread overview: 6+ messages
2025-01-23 22:29 [pve-devel] [PATCH container 0/1] " Simon LEONARD
2025-01-23 22:29 ` [pve-devel] [PATCH container 1/1] " Simon LEONARD
2025-01-27 11:05   ` Fabian Grünbichler [this message]
2025-03-22 18:05     ` [pve-devel] [PATCH container v2 0/1] close #1543: allow low-level lxc config Simon LEONARD
2025-03-22 18:05       ` [pve-devel] [PATCH container v2 1/1] close #1543: allow low-level lxc config update Simon LEONARD
2025-03-24 15:01       ` [pve-devel] [PATCH container v2 0/1] close #1543: allow low-level lxc config Fabian Grünbichler
