From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 2EA9B1FF163 for ; Thu, 7 Nov 2024 17:54:37 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id B5EB8353CB; Thu, 7 Nov 2024 17:52:55 +0100 (CET) From: Fiona Ebner To: pve-devel@lists.proxmox.com Date: Thu, 7 Nov 2024 17:51:44 +0100 Message-Id: <20241107165146.125935-33-f.ebner@proxmox.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241107165146.125935-1-f.ebner@proxmox.com> References: <20241107165146.125935-1-f.ebner@proxmox.com> MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.056 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [RFC container v3 32/34] api: add early check against restoring privileged container from external source X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" While restore_external_archive() already has a check, that happens after an existing container is destroyed. Signed-off-by: Fiona Ebner --- New in v3. src/PVE/API2/LXC.pm | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm index 213e518..dca0e35 100644 --- a/src/PVE/API2/LXC.pm +++ b/src/PVE/API2/LXC.pm @@ -39,6 +39,17 @@ BEGIN { } } +my sub assert_not_restore_from_external { + my ($archive, $storage_cfg) = @_; + + my ($storeid, undef) = PVE::Storage::parse_volume_id($archive, 1); + + return if !defined($storeid); + return if !PVE::Storage::storage_has_feature($storage_cfg, $storeid, 'backup-provider'); + + die "refusing to restore privileged container backup from external source\n"; +} + my $check_storage_access_migrate = sub { my ($rpcenv, $authuser, $storecfg, $storage, $node) = @_; @@ -408,6 +419,9 @@ __PACKAGE__->register_method({ $conf->{unprivileged} = $orig_conf->{unprivileged} if !defined($unprivileged) && defined($orig_conf->{unprivileged}); + assert_not_restore_from_external($archive, $storage_cfg) + if !$conf->{unprivileged}; + # implicit privileged change is checked here if ($old_conf->{unprivileged} && !$conf->{unprivileged}) { $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Allocate']); -- 2.39.5 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel