* [pve-devel] [PATCH-SERIES qemu-server/container 0/2] api: fix permission check for guest net device without bridge
@ 2025-10-07 13:03 Fiona Ebner
2025-10-07 13:03 ` [pve-devel] [PATCH qemu-server 1/2] " Fiona Ebner
2025-10-07 13:03 ` [pve-devel] [PATCH container 2/2] " Fiona Ebner
0 siblings, 2 replies; 3+ messages in thread
From: Fiona Ebner @ 2025-10-07 13:03 UTC (permalink / raw)
To: pve-devel
As reported in the community forum [0], changing a guest's network
device definition would fail with an error for non-root users, when
it did not (yet) specify a bridge:
> no sdn vnet ID specified
Skip the call to check_vnet_access() if there is no bridge defined.
Note that editing a device to not use any bridge anymore still
requires permissions for the currently configured bridge even after
this change.
[0]: https://forum.proxmox.com/threads/173249/
qemu-server:
Fiona Ebner (1):
api: fix permission check for guest net device without bridge
src/PVE/QemuServer.pm | 1 +
1 file changed, 1 insertion(+)
container:
Fiona Ebner (1):
api: fix permission check for guest net device without bridge
src/PVE/LXC.pm | 1 +
1 file changed, 1 insertion(+)
Summary over all repositories:
2 files changed, 2 insertions(+), 0 deletions(-)
--
Generated by git-murpp 0.5.0
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* [pve-devel] [PATCH qemu-server 1/2] api: fix permission check for guest net device without bridge
2025-10-07 13:03 [pve-devel] [PATCH-SERIES qemu-server/container 0/2] api: fix permission check for guest net device without bridge Fiona Ebner
@ 2025-10-07 13:03 ` Fiona Ebner
2025-10-07 13:03 ` [pve-devel] [PATCH container 2/2] " Fiona Ebner
1 sibling, 0 replies; 3+ messages in thread
From: Fiona Ebner @ 2025-10-07 13:03 UTC (permalink / raw)
To: pve-devel
As reported in the community forum [0], changing a guest's network
device definition would fail with an error for non-root users, when
it did not (yet) specify a bridge:
> no sdn vnet ID specified
Skip the call to check_vnet_access() if there is no bridge defined.
Note that editing a device to not use any bridge anymore still
requires permissions for the currently configured bridge even after
this change.
[0]: https://forum.proxmox.com/threads/173249/
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
src/PVE/QemuServer.pm | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/PVE/QemuServer.pm b/src/PVE/QemuServer.pm
index 45daa06c..5cb42030 100644
--- a/src/PVE/QemuServer.pm
+++ b/src/PVE/QemuServer.pm
@@ -6231,6 +6231,7 @@ sub check_bridge_access {
next if $opt !~ m/^net\d+$/;
my $net = PVE::QemuServer::Network::parse_net($conf->{$opt});
my ($bridge, $tag, $trunks) = $net->@{ 'bridge', 'tag', 'trunks' };
+ next if !defined($bridge); # no vnet to check for
PVE::GuestHelpers::check_vnet_access($rpcenv, $authuser, $bridge, $tag, $trunks);
}
return 1;
--
2.47.3
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* [pve-devel] [PATCH container 2/2] api: fix permission check for guest net device without bridge
2025-10-07 13:03 [pve-devel] [PATCH-SERIES qemu-server/container 0/2] api: fix permission check for guest net device without bridge Fiona Ebner
2025-10-07 13:03 ` [pve-devel] [PATCH qemu-server 1/2] " Fiona Ebner
@ 2025-10-07 13:03 ` Fiona Ebner
1 sibling, 0 replies; 3+ messages in thread
From: Fiona Ebner @ 2025-10-07 13:03 UTC (permalink / raw)
To: pve-devel
As reported in the community forum [0], changing a guest's network
device definition would fail with an error for non-root users, when
it did not (yet) specify a bridge:
> no sdn vnet ID specified
Skip the call to check_vnet_access() if there is no bridge defined.
Note that editing a device to not use any bridge anymore still
requires permissions for the currently configured bridge even after
this change.
[0]: https://forum.proxmox.com/threads/173249/
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
src/PVE/LXC.pm | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index a445a85..89ccb54 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -1662,6 +1662,7 @@ sub check_bridge_access {
my $net = PVE::LXC::Config->parse_lxc_network($raw);
my ($bridge, $tag, $trunks) = $net->@{ 'bridge', 'tag', 'trunks' };
+ next if !defined($bridge); # no vnet to check for
check_vnet_access($rpcenv, $authuser, $bridge, $tag, $trunks);
return 1;
--
2.47.3
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-10-07 13:04 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-10-07 13:03 [pve-devel] [PATCH-SERIES qemu-server/container 0/2] api: fix permission check for guest net device without bridge Fiona Ebner
2025-10-07 13:03 ` [pve-devel] [PATCH qemu-server 1/2] " Fiona Ebner
2025-10-07 13:03 ` [pve-devel] [PATCH container 2/2] " Fiona Ebner
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.