From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH qemu-server 0/1] api2: add check_bridge_access
Date: Fri, 02 Jun 2023 13:43:02 +0200 [thread overview]
Message-ID: <1685705368.1lls92dexj.astroid@yuna.none> (raw)
In-Reply-To: <20230526073347.1615981-1-aderumier@odiso.com>
On May 26, 2023 9:33 am, Alexandre Derumier wrote:
> For proxmox 8, following the pve-manager patch serie
> https://lists.proxmox.com/pipermail/pve-devel/2023-May/056970.html
>
> This patch serie add check of permissions for bridge/vnets access
> (currently only at vm create/update, I'm note sureif they are other
> places where it should be added)
>
> if user have access to a zone, it have access to all vnets + vnet vlans
> if user have access to a vnet, it have access to the vnet + vnet vlans
> if user have access to a specific vnet+vlan, it have access to the vlan only
the last part could be solved more elegantly IMHO by making tags
children of vnets (and delegating the propagation the propagation bit of
the ACL), see comments on individual patches.
nit: if you send a single commit, no need for a cover letter - and then
please include this information in the commit message, as series cover
letters are not included once the patch is applied!
>
> Alexandre Derumier (1):
> api2: add check_bridge_access for create/update vm
>
> PVE/API2/Qemu.pm | 37 ++++++++++++++++++++++++++++++++++++-
> 1 file changed, 36 insertions(+), 1 deletion(-)
>
> --
> 2.30.2
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
>
prev parent reply other threads:[~2023-06-02 11:43 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-26 7:33 Alexandre Derumier
2023-05-26 7:33 ` [pve-devel] [PATCH qemu-server 1/1] api2: add check_bridge_access for create/update vm Alexandre Derumier
2023-06-02 11:43 ` Fabian Grünbichler
2023-06-02 12:12 ` DERUMIER, Alexandre
2023-06-05 7:24 ` Fabian Grünbichler
2023-06-06 4:38 ` DERUMIER, Alexandre
2023-06-02 11:43 ` Fabian Grünbichler [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1685705368.1lls92dexj.astroid@yuna.none \
--to=f.gruenbichler@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox