From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 08BD11FF15F for ; Mon, 9 Sep 2024 14:50:17 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 9683513203; Mon, 9 Sep 2024 14:50:53 +0200 (CEST) From: Filip Schauer To: pve-devel@lists.proxmox.com Date: Mon, 9 Sep 2024 14:50:45 +0200 Message-Id: <20240909125047.47720-1-f.schauer@proxmox.com> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.055 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH container/manager v3 0/2] add a deny-write option for device passthrough X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" Add the deny-write options for device passthrough, to restrict container access to devices. This allows for passing through a device in read-only mode without giving the container full access to it. Up until now a container with a device passed through to it was granted full access to that device without an option to restrict that access as pointed out by @Fiona. Changes since v1: * set default values for deny_read & deny_write * remove the deny_read checkbox from the UI, since it is expected to only have a very niche use case. Changes since v2: * remove the deny_read option due to a lack of use-cases * rename deny_write to deny-write pve-container: Filip Schauer (1): add deny-write option for device passthrough src/PVE/LXC.pm | 7 ++++++- src/PVE/LXC/Config.pm | 6 ++++++ 2 files changed, 12 insertions(+), 1 deletion(-) pve-manager: Filip Schauer (1): ui: lxc: add readonly option for device passthrough www/manager6/lxc/DeviceEdit.js | 8 ++++++++ 1 file changed, 8 insertions(+) Summary over all repositories: 3 files changed, 20 insertions(+), 1 deletions(-) -- Generated by git-murpp 0.6.0 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel