* [pve-devel] [PATCH v4 container 0/2] bug fixes for pct restore
@ 2021-02-25 14:11 Oguz Bektas
2021-02-25 14:11 ` [pve-devel] [PATCH v4 container 1/2] fix #3313: recover unprivileged bit from old config during " Oguz Bektas
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Oguz Bektas @ 2021-02-25 14:11 UTC (permalink / raw)
To: pve-devel
Oguz Bektas (2):
fix #3313: recover unprivileged bit from old config during pct restore
do not limit restoring container templates to root
src/PVE/API2/LXC.pm | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--
2.20.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* [pve-devel] [PATCH v4 container 1/2] fix #3313: recover unprivileged bit from old config during pct restore
2021-02-25 14:11 [pve-devel] [PATCH v4 container 0/2] bug fixes for pct restore Oguz Bektas
@ 2021-02-25 14:11 ` Oguz Bektas
2021-02-25 14:11 ` [pve-devel] [PATCH v4 container 2/2] do not limit restoring container templates to root Oguz Bektas
2021-02-25 18:23 ` [pve-devel] applied-series: [PATCH v4 container 0/2] bug fixes for pct restore Thomas Lamprecht
2 siblings, 0 replies; 4+ messages in thread
From: Oguz Bektas @ 2021-02-25 14:11 UTC (permalink / raw)
To: pve-devel
since pct defaults to privileged containers, it restores the container
as privileged when `--unprivileged 1` is not passed.
instead we should check the old configuration and retrieve it from
there.
this way, when one creates an unprivileged container on GUI, it will be
still restored as unprivileged via pct (without having to pass
`--unprivileged`)
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
---
v3->v4:
* split
src/PVE/API2/LXC.pm | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index 8ce462f..04456a8 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -362,6 +362,9 @@ __PACKAGE__->register_method({
# 'lxc.idmap' entries. We need to make sure that the extracted contents
# of the container match up with the restored configuration afterwards:
$conf->{lxc} = $orig_conf->{lxc};
+
+ $conf->{unprivileged} = $orig_conf->{unprivileged}
+ if !defined($unprivileged) && defined($orig_conf->{unprivileged});
}
}
if ($storage_only_mode) {
--
2.20.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* [pve-devel] [PATCH v4 container 2/2] do not limit restoring container templates to root
2021-02-25 14:11 [pve-devel] [PATCH v4 container 0/2] bug fixes for pct restore Oguz Bektas
2021-02-25 14:11 ` [pve-devel] [PATCH v4 container 1/2] fix #3313: recover unprivileged bit from old config during " Oguz Bektas
@ 2021-02-25 14:11 ` Oguz Bektas
2021-02-25 18:23 ` [pve-devel] applied-series: [PATCH v4 container 0/2] bug fixes for pct restore Thomas Lamprecht
2 siblings, 0 replies; 4+ messages in thread
From: Oguz Bektas @ 2021-02-25 14:11 UTC (permalink / raw)
To: pve-devel
but still keep the lxc.* parameters limited to root
note: $orig_mp_param isn't protected by $is_root, but when it's used we
make another recover_config() call on the archive file
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
---
v3->v4:
* split
src/PVE/API2/LXC.pm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index 04456a8..df0cc88 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -352,7 +352,7 @@ __PACKAGE__->register_method({
my $orig_mp_param; # only used if $restore
if ($restore) {
die "can't overwrite running container\n" if PVE::LXC::check_running($vmid);
- if ($is_root && $archive ne '-') {
+ if ($archive ne '-') {
my $orig_conf;
print "recovering backed-up configuration from '$archive'\n";
($orig_conf, $orig_mp_param) = PVE::LXC::Create::recover_config($storage_cfg, $archive, $vmid);
@@ -361,7 +361,7 @@ __PACKAGE__->register_method({
# causing it to restore the raw lxc entries, among which there may be
# 'lxc.idmap' entries. We need to make sure that the extracted contents
# of the container match up with the restored configuration afterwards:
- $conf->{lxc} = $orig_conf->{lxc};
+ $conf->{lxc} = $orig_conf->{lxc} if $is_root;
$conf->{unprivileged} = $orig_conf->{unprivileged}
if !defined($unprivileged) && defined($orig_conf->{unprivileged});
--
2.20.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* [pve-devel] applied-series: [PATCH v4 container 0/2] bug fixes for pct restore
2021-02-25 14:11 [pve-devel] [PATCH v4 container 0/2] bug fixes for pct restore Oguz Bektas
2021-02-25 14:11 ` [pve-devel] [PATCH v4 container 1/2] fix #3313: recover unprivileged bit from old config during " Oguz Bektas
2021-02-25 14:11 ` [pve-devel] [PATCH v4 container 2/2] do not limit restoring container templates to root Oguz Bektas
@ 2021-02-25 18:23 ` Thomas Lamprecht
2 siblings, 0 replies; 4+ messages in thread
From: Thomas Lamprecht @ 2021-02-25 18:23 UTC (permalink / raw)
To: Proxmox VE development discussion, Oguz Bektas
On 25.02.21 15:11, Oguz Bektas wrote:
>
> Oguz Bektas (2):
> fix #3313: recover unprivileged bit from old config during pct restore
> do not limit restoring container templates to root
>
> src/PVE/API2/LXC.pm | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
applied, re-orders to my proposed order as then the both patches work
independently.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-02-25 18:23 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-25 14:11 [pve-devel] [PATCH v4 container 0/2] bug fixes for pct restore Oguz Bektas
2021-02-25 14:11 ` [pve-devel] [PATCH v4 container 1/2] fix #3313: recover unprivileged bit from old config during " Oguz Bektas
2021-02-25 14:11 ` [pve-devel] [PATCH v4 container 2/2] do not limit restoring container templates to root Oguz Bektas
2021-02-25 18:23 ` [pve-devel] applied-series: [PATCH v4 container 0/2] bug fixes for pct restore Thomas Lamprecht
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox