From: Noel Ullreich <n.ullreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH pve-storage/pve-manager 0/3 v2] fix #623: show isos/vztmpl/snippets in subdirs
Date: Tue, 16 May 2023 16:51:11 +0200 [thread overview]
Message-ID: <20230516145115.103156-1-n.ullreich@proxmox.com> (raw)
This patch fixes #623, allowing isos/vztmpl/snippets in subdirectories.
This feature is opt-in and can be set from the API, web interface or
with `pvesm`.
I addressed the security concerns raised by Fabian, now parent
directories in the path (i.e. `/my/path/../somewhere/`) are forbidded.
I have kept the permission to use symlinks, however, if this is a
security issue, symlinks can easily be forbidden as well. This,
however, would be a breaking change.
parts of the tests as well as the regex for checking, if a `/../` is in
the path have been taken and/or adapted from an older patch that was
never merged:
https://lists.proxmox.com/pipermail/pve-devel/2020-May/043622.html
This is a complete rework from v1, so I don't see a point in writing
what the differences are. It's all different.
Noel Ullreich (3):
recursively go through subdirs to find files
add `subdir-depth` option to filesystems
update test for recursive subdir search
PVE/Storage.pm | 7 ++++
PVE/Storage/CIFSPlugin.pm | 1 +
PVE/Storage/CephFSPlugin.pm | 1 +
PVE/Storage/DirPlugin.pm | 1 +
PVE/Storage/GlusterfsPlugin.pm | 1 +
PVE/Storage/NFSPlugin.pm | 1 +
PVE/Storage/Plugin.pm | 61 +++++++++++++++++++-----------
test/filesystem_path_test.pm | 18 +++++++++
test/list_volumes_test.pm | 68 ++++++++++++++++++++++++++++++++++
test/parse_volname_test.pm | 40 ++++++++++++++++++++
10 files changed, 178 insertions(+), 21 deletions(-)
Noel Ullreich (1):
add field to set subdir-depth in web interface
www/manager6/storage/Base.js | 11 +++++++++++
1 file changed, 11 insertions(+)
--
2.30.2
next reply other threads:[~2023-05-16 14:51 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-16 14:51 Noel Ullreich [this message]
2023-05-16 14:51 ` [pve-devel] [PATCH pve-storage/pve-manager 1/3 v2] recursively go through subdirs to find files Noel Ullreich
2023-05-16 14:51 ` [pve-devel] [PATCH pve-storage/pve-manager 2/3 v2] add `subdir-depth` option to filesystems Noel Ullreich
2023-05-16 14:51 ` [pve-devel] [PATCH pve-storage/pve-manager 3/3 v2] update test for recursive subdir search Noel Ullreich
2023-05-16 14:51 ` [pve-devel] [PATCH pve-storage/pve-manager 1/1 v2] add field to set subdir-depth in web interface Noel Ullreich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230516145115.103156-1-n.ullreich@proxmox.com \
--to=n.ullreich@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.