From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <oguz@gaia.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by lists.proxmox.com (Postfix) with ESMTPS id 62EC368F0D
for <pve-devel@lists.proxmox.com>; Mon, 22 Feb 2021 16:06:33 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
by firstgate.proxmox.com (Proxmox) with ESMTP id 4F14EB7CC
for <pve-devel@lists.proxmox.com>; Mon, 22 Feb 2021 16:06:03 +0100 (CET)
Received: from gaia.proxmox.com (212-186-127-178.static.upcbusiness.at
[212.186.127.178])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
(No client certificate requested)
by firstgate.proxmox.com (Proxmox) with ESMTPS id 529A5B7C4
for <pve-devel@lists.proxmox.com>; Mon, 22 Feb 2021 16:06:02 +0100 (CET)
Received: from gaia.proxmox.com (localhost.localdomain [127.0.0.1])
by gaia.proxmox.com (8.15.2/8.15.2/Debian-14~deb10u1) with ESMTP id
11MF3ufd1449249; Mon, 22 Feb 2021 16:03:56 +0100
Received: (from oguz@localhost)
by gaia.proxmox.com (8.15.2/8.15.2/Submit) id 11MF3ugv1449248;
Mon, 22 Feb 2021 16:03:56 +0100
From: Oguz Bektas <o.bektas@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Mon, 22 Feb 2021 16:03:53 +0100
Message-Id: <20210222150353.1449090-1-o.bektas@proxmox.com>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results: 1
AWL -0.333 Adjusted score from AWL reputation of From: address
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery
methods
KHOP_HELO_FCRDNS 0.001 Relay HELO differs from its IP's reverse DNS
NO_DNS_FOR_FROM 0.379 Envelope sender has no MX or A DNS records
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_NONE 0.001 SPF: sender does not publish an SPF Record
Subject: [pve-devel] [PATCH container] fix #3313: recover unprivileged bit
from old config during pct restore
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>,
<mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>,
<mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Mon, 22 Feb 2021 15:06:33 -0000
since pct defaults to privileged containers, it restores the container
as privileged when `--unprivileged 1` is not passed.
instead we should check the old configuration and retrieve it
from there.
this way, when one creates an unprivileged container on GUI, it will be
still restored as unprivileged via pct (without having to pass
`--unprivileged 1` parameter)
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
---
src/PVE/API2/LXC.pm | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index 8ce462f..4168a7c 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -362,6 +362,10 @@ __PACKAGE__->register_method({
# 'lxc.idmap' entries. We need to make sure that the extracted contents
# of the container match up with the restored configuration afterwards:
$conf->{lxc} = $orig_conf->{lxc};
+
+ # we also need to make sure the privileged/unprivileged bit is recovered
+ # from the old config if the parameter is not passed
+ $conf->{unprivileged} = $orig_conf->{unprivileged} if !defined $unprivileged && $orig_conf->{unprivileged};
}
}
if ($storage_only_mode) {
--
2.20.1