From: Dominik Csapak
To: pve-devel@lists.proxmox.com
Date: Tue, 3 Aug 2021 14:29:50 +0200
Message-Id: <20210803122954.2641138-1-d.csapak@proxmox.com>
Subject: [pve-devel] [PATCH container/manager] default nesting for unpriv containers in ui

since many modern containers need the nesting feature to work properly
(thanks systemd...), we add a checkbox that is on by default (and disables
with unprivileged, since nested privileged containers are not very secure)

to do that, we first have to loosen the nesting constraints in the api
a bit. we do that by allowing to set that for unprivileged containers
when the user has the 'VM.Allocate' privilege.

(just to note: a user with that right can also create privileged
containers, but could not enable nesting for them)

pve-container:

Dominik Csapak (2):
  add old config and unprivileged to check_ct_modify_config_perm
  allow nesting to be changed for VM.Allocate on unprivileged containers

 src/PVE/API2/LXC.pm        |  6 +++--
 src/PVE/API2/LXC/Config.pm |  9 +++++---
 src/PVE/LXC.pm             | 45 +++++++++++++++++++++++++++++++++++---
 3 files changed, 52 insertions(+), 8 deletions(-)

pve-manager:

Dominik Csapak (2):
  ui: lxc/Options: allow opening features window for VM.Allocate
  ui: lxc/CreateWizard: add a 'nesting' checkbox and enable it by default

 www/manager6/lxc/CreateWizard.js | 10 ++++++++++
 www/manager6/lxc/Options.js      |  2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)

-- 
2.30.2