public inbox for pve-devel@lists.proxmox.com
From: Dominik Csapak <d.csapak@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH container/manager] default nesting for unpriv containers in ui
Date: Tue,  3 Aug 2021 14:29:50 +0200
Message-ID: <20210803122954.2641138-1-d.csapak@proxmox.com>

since many modern containers need the nesting feature to work properly
(thanks systemd...), we add a checkbox that is on by default
(and disables with unprivileged, since nested privileged containers
are not very secure)

to do that, we first have to loosen the nesting constraints in the api
a bit. we do that by allowing to set that for unprivileged containers
when the user has the 'VM.Allocate' privilege.

(just to note: a user with that right can also create privileged
containers, but could not enable nesting for them)

pve-container:

Dominik Csapak (2):
  add old config and unprivileged to check_ct_modify_config_perm
  allow nesting to be changed for VM.Allocate on unprivileged containers

 src/PVE/API2/LXC.pm        |  6 +++--
 src/PVE/API2/LXC/Config.pm |  9 +++++---
 src/PVE/LXC.pm             | 45 +++++++++++++++++++++++++++++++++++---
 3 files changed, 52 insertions(+), 8 deletions(-)

pve-manager:

Dominik Csapak (2):
  ui: lxc/Options: allow opening features window for VM.Allocate
  ui: lxc/CreateWizard: add a 'nesting' checkbox and enable it by
    default

 www/manager6/lxc/CreateWizard.js | 10 ++++++++++
 www/manager6/lxc/Options.js      |  2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)

-- 
2.30.2
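
The rule described in the cover letter above, sketched as an added Perl example that is not code from this series or from pve-container: a change to the features string is accepted on VM.Allocate alone only when the container is unprivileged and nothing except nesting differs between the old and the new value. The sub names, the 'stricter-check' fallback (standing in for whatever the API required before) and the sample requests are assumptions.

```perl
#!/usr/bin/perl
# Added illustration; not code from pve-container. All sub names are hypothetical.
use strict;
use warnings;

# Parse a feature property string such as "nesting=1,keyctl=1" into a hash ref.
sub parse_features {
    my ($str) = @_;
    my %f;
    for my $kv (grep { length } split /\s*,\s*/, $str // '') {
        my ($k, $v) = split /=/, $kv, 2;
        $f{$k} = $v // 1;
    }
    return \%f;
}

# True when the two feature sets differ in 'nesting' at most. A key that is
# absent on one side and present on the other counts as changed (conservative).
sub only_nesting_changed {
    my ($old, $new) = @_;
    my %seen = map { $_ => 1 } (keys %$old, keys %$new);
    for my $k (grep { $_ ne 'nesting' } keys %seen) {
        return 0 if ($old->{$k} // '') ne ($new->{$k} // '');
    }
    return 1;
}

# 'allow' only for the relaxed case from the cover letter; everything else falls
# through to the stricter pre-existing check (assumed, not modelled here).
sub features_change_decision {
    my ($privs, $unprivileged, $old_str, $new_str) = @_;
    my ($old, $new) = (parse_features($old_str), parse_features($new_str));
    return 'allow'
        if $unprivileged && $privs->{'VM.Allocate'} && only_nesting_changed($old, $new);
    return 'stricter-check';
}

# Constructed sample requests: [label, privileges, unprivileged, old, new]
my @cases = (
    ['create unpriv CT with nesting', { 'VM.Allocate' => 1 }, 1, '',          'nesting=1'],
    ['same request, privileged CT',   { 'VM.Allocate' => 1 }, 0, '',          'nesting=1'],
    ['nesting plus another feature',  { 'VM.Allocate' => 1 }, 1, 'nesting=1', 'nesting=0,keyctl=1'],
    ['caller lacks VM.Allocate',      {},                     1, 'nesting=0', 'nesting=1'],
);
printf "%-32s %s\n", $_->[0], features_change_decision(@{$_}[1 .. 4]) for @cases;
```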




