* [PATCH qemu-server] api: create: check VM.PowerMgmt on the pool too
@ 2026-06-11 14:24 Maximiliano Sandoval
2026-06-11 14:40 ` Jonas Theisen
0 siblings, 1 reply; 2+ messages in thread
From: Maximiliano Sandoval @ 2026-06-11 14:24 UTC (permalink / raw)
To: pve-devel
If a VM is part of a resource pool, it is possible to start it with the
permission either in /pool or in /vm.
The upfront check done when creating a VM with --start=1 is extended
accordingly to look for the permission on the resource pool if
appropriate.
Fixes: 5086f472 ("api: create: check VM.PowerMgmt up front when starting after create")
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---
src/PVE/API2/Qemu.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PVE/API2/Qemu.pm b/src/PVE/API2/Qemu.pm
index 54883f1e..4dd546ae 100644
--- a/src/PVE/API2/Qemu.pm
+++ b/src/PVE/API2/Qemu.pm
@@ -1272,7 +1272,7 @@ __PACKAGE__->register_method({
# vm_start is invoked directly from the create/restore worker, so its
# own permissions predicate doesn't fire here - check VM.PowerMgmt up
# front whenever the caller asked us to start the VM after creation.
- $rpcenv->check($authuser, "/vms/$vmid", ['VM.PowerMgmt'])
+ $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.PowerMgmt'])
if $start_after_create;
if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {
--
2.47.3
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH qemu-server] api: create: check VM.PowerMgmt on the pool too
2026-06-11 14:24 [PATCH qemu-server] api: create: check VM.PowerMgmt on the pool too Maximiliano Sandoval
@ 2026-06-11 14:40 ` Jonas Theisen
0 siblings, 0 replies; 2+ messages in thread
From: Jonas Theisen @ 2026-06-11 14:40 UTC (permalink / raw)
To: Maximiliano Sandoval, pve-devel
On 6/11/26 16:24, Maximiliano Sandoval wrote:
> If a VM is part of a resource pool, it is possible to start it with the
> permission either in /pool or in /vm.
>
> The upfront check done when creating a VM with --start=1 is extended
> accordingly to look for the permission on the resource pool if
> appropriate.
>
> Fixes: 5086f472 ("api: create: check VM.PowerMgmt up front when starting after create")
> Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
> ---
Tested the patch in the context of enterprise ticket #8475434 on my
local test setup.
Fixed the mentioned issue.
--
Tested-by: Jonas Theisen <j.theisen@proxmox.com>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-06-12 6:52 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-11 14:24 [PATCH qemu-server] api: create: check VM.PowerMgmt on the pool too Maximiliano Sandoval
2026-06-11 14:40 ` Jonas Theisen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.