* [pve-devel] [PATCH v2 container] fix #3367: prevent adding bind and device mountpoints to template
@ 2024-09-12 9:56 Fiona Ebner
From: Fiona Ebner @ 2024-09-12 9:56 UTC
To: pve-devel
There is a check in the clone API call that prohibits cloning when a
bind or device mountpoint is present. Converting to a template also
will fail when such a mountpoint is present. In particular, that
failure will also trigger at the end of a restore operation, because
restore will also try to convert to a template again. Add a safeguard
so that users won't get into the problematic situation in the first
place.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
Changes in v2:
* different approach with safeguard instead of silently dropping
bind mounts during conversion to template
Previous discussion:
https://lore.proxmox.com/pve-devel/20210402123636.27037-1-f.ebner@proxmox.com/T/#u
src/PVE/LXC/Config.pm | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
index ce64c4c..09687ab 100644
--- a/src/PVE/LXC/Config.pm
+++ b/src/PVE/LXC/Config.pm
@@ -1181,7 +1181,13 @@ sub update_pct_config {
if ($opt =~ m/^mp(\d+)$/ || $opt eq 'rootfs') {
$class->check_protection($conf, "can't update CT $vmid drive '$opt'");
my $mp = $class->parse_volume($opt, $value);
- $check_content_type->($mp) if ($mp->{type} eq 'volume');
+ if ($mp->{type} eq 'volume') {
+ $check_content_type->($mp);
+ } elsif ($class->is_template($conf)) {
+ # TODO allow bind mounts once admin-defined bind mount sources and corresponding ACL
+ # support is implemented
+ die "cannot add mountpoint '$opt' of type '$mp->{type}' to template\n";
+ }
} elsif ($opt eq 'hookscript') {
PVE::GuestHelpers::check_hookscript($value);
} elsif ($opt eq 'nameserver') {
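Review bot: The die message in the new "elsif ($class->is_template($conf))" branch says "cannot add mountpoint", but as far as the visible lines show, this branch runs for every mpN or rootfs value passed to update_pct_config, not only for newly added entries. A template that already carries a bind or device mountpoint would hit the same error when that entry is re-set with changed options, so consider wording it as "cannot set mountpoint" or stating in the comment that such an existing entry has to be removed instead. The TODO could also name the bug from the subject (#3367) so the restriction is easy to find again once bind mount ACL support exists. Rejecting every type other than 'volume', rather than listing 'bind' and 'device', is a deny-by-default choice; a one-line comment saying so would keep a later refactor from narrowing it to an explicit list.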
--
2.39.2