From: Alexandre Derumier <aderumier@odiso.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH qemu-server] restore: remove param from restored config if no access
Date: Fri, 9 Jun 2023 10:08:55 +0200 [thread overview]
Message-ID: <20230609080855.541473-1-aderumier@odiso.com> (raw)
Currently only bridge access is checked, but this could be extended
to pci/usb device access once that is implemented.
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
PVE/QemuServer.pm | 24 ++++++++++++++++++++++--
1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index 7f7b10b..786764e 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -6520,6 +6520,26 @@ sub check_bridge_access {
return 1;
};
+#remove params from restore config where we don't have permissions
+sub check_restore_config_access {
+ my ($rpcenv, $authuser, $conf) = @_;
+
+ return 1 if $authuser eq 'root@pam';
+
+ for my $opt (sort keys $conf->%*) {
+ next if $opt !~ m/^net\d+$/;
+ eval {
+ check_bridge_access($rpcenv, $authuser, {$opt => $conf->{$opt}});
+ };
+ if ($@) {
+ warn "$opt: $@\n";
+ warn "$opt: no bridge access. removing $opt from restored config\n";
+ delete $conf->{$opt};
+ }
+ }
+ return 1;
+};
+
# vzdump restore implementaion
sub tar_archive_read_firstfile {
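Review bot: In check_restore_config_access the `eval` around check_bridge_access treats every exception as a missing permission, so a failure unrelated to access is still logged as "no bridge access" before the device is dropped. Dropping the entry on any error is the safe direction, but the two `warn` lines would read better as one that carries the real cause, e.g. `warn "$opt: removing from restored config: $@";`. The header comment should also state that `$conf` is modified in place, that the sub never dies for a non-root user, and that only top-level netN keys are examined. Whether the merged restore config can carry netN entries in nested sections is not visible in this hunk and is worth confirming.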
@@ -7164,7 +7184,7 @@ sub restore_proxmox_backup_archive {
}
my $new_conf = $restore_merge_config->($conffile, $new_conf_raw, $options->{override_conf});
- check_bridge_access($rpcenv, $user, $new_conf);
+ check_restore_config_access($rpcenv, $user, $new_conf);
PVE::QemuConfig->write_config($vmid, $new_conf);
eval { rescan($vmid, 1); };
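Review bot: The call site in restore_proxmox_backup_archive no longer aborts the restore when the user lacks bridge access; it now writes a config with the affected netN entries silently stripped, and the same applies to the restore_vma_archive hunk below. The only trace is the `warn` output from the helper, so a comment here such as `# drops netN entries the user may not attach to; warns instead of dying` would make the changed failure mode clear to the next reader. The check correctly runs after `$restore_merge_config`, so values coming from override_conf are covered as well. Both enclosing subs start and end outside their hunks.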
@@ -7478,7 +7498,7 @@ sub restore_vma_archive {
}
my $new_conf = $restore_merge_config->($conffile, $new_conf_raw, $opts->{override_conf});
- check_bridge_access($rpcenv, $user, $new_conf);
+ check_restore_config_access($rpcenv, $user, $new_conf);
PVE::QemuConfig->write_config($vmid, $new_conf);
eval { rescan($vmid, 1); };
--
2.30.2