From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 3A4111FF183 for ; Wed, 30 Jul 2025 16:58:59 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 631CF122F7; Wed, 30 Jul 2025 17:00:19 +0200 (CEST) From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= To: pve-devel@lists.proxmox.com Date: Wed, 30 Jul 2025 17:00:11 +0200 Message-Id: <20250730150013.901666-3-f.gruenbichler@proxmox.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250730150013.901666-1-f.gruenbichler@proxmox.com> References: <20250730150013.901666-1-f.gruenbichler@proxmox.com> MIME-Version: 1.0 X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1753887604927 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.046 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH container 2/3] create/restore: require Sys.Modify for privileged containers X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" ZXhjZXB0IGZvciBpbi1wbGFjZSByZXN0b3JlIHdoZXJlIGJvdGggdGhlIGN1cnJlbnQgYW5kIHRo ZSBiYWNrZWQtdXAgY29uZmlnIGFyZQphbHJlYWR5IHByaXZpbGVnZWQuCgp0aGlzIGNvdmVycyB0 aGUgZm9sbG93aW5nIGNhc2VzOgotIGNyZWF0aW5nIGEgZnJlc2ggY29udGFpbmVyOiBkZWZhdWx0 cyB0byB1bnByaXZpbGVnZWQsIHJlcXVpcmVzIFN5cy5Nb2RpZnkgaWYgc2V0IHRvIHByaXZpbGVn ZWQKLSByZXN0b3Jpbmcgd2l0aCBleHBsaWNpdCBvdmVycmlkZSBvZiB1bnByaXZpbGVnZWQgdmFs dWUgdG8gbWFrZSB0aGUgY29udGFpbmVyIHByaXZpbGVnZWQKLSBpbi1wbGFjZSByZXN0b3Jpbmcg b2YgcHJpdmlsZWdlZCBiYWNrdXAgb3ZlciB1bnByaXZpbGVnZWQgY29uZmlnCi0gcmVzdG9yaW5n IG9mIHByaXZpbGVnZWQgYmFja3VwIGludG8gbmV3IGNvbnRhaW5lcgoKU2lnbmVkLW9mZi1ieTog RmFiaWFuIEdyw7xuYmljaGxlciA8Zi5ncnVlbmJpY2hsZXJAcHJveG1veC5jb20+Ci0tLQogc3Jj L1BWRS9BUEkyL0xYQy5wbSB8IDE4ICsrKysrKysrKysrLS0tLS0tLQogMSBmaWxlIGNoYW5nZWQs IDExIGluc2VydGlvbnMoKyksIDcgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvc3JjL1BWRS9B UEkyL0xYQy5wbSBiL3NyYy9QVkUvQVBJMi9MWEMucG0KaW5kZXggYTI0N2I4MC4uOTUxYjFjNyAx MDA2NDQKLS0tIGEvc3JjL1BWRS9BUEkyL0xYQy5wbQorKysgYi9zcmMvUFZFL0FQSTIvTFhDLnBt CkBAIC0xMzksNyArMTM5LDggQEAgX19QQUNLQUdFX18tPnJlZ2lzdGVyX21ldGhvZCh7CiAgICAg ICAgIGRlc2NyaXB0aW9uID0+CiAgICAgICAgICAgICAiWW91IG5lZWQgJ1ZNLkFsbG9jYXRlJyBw ZXJtaXNzaW9uIG9uIC92bXMve3ZtaWR9IG9yIG9uIHRoZSBWTSBwb29sIC9wb29sL3twb29sfS4g IgogICAgICAgICAgICAgLiAiRm9yIHJlc3RvcmUsIGl0IGlzIGVub3VnaCBpZiB0aGUgdXNlciBo YXMgJ1ZNLkJhY2t1cCcgcGVybWlzc2lvbiBhbmQgdGhlIFZNIGFscmVhZHkgZXhpc3RzLiAiCi0g ICAgICAgICAgICAuICJZb3UgYWxzbyBuZWVkICdEYXRhc3RvcmUuQWxsb2NhdGVTcGFjZScgcGVy bWlzc2lvbnMgb24gdGhlIHN0b3JhZ2UuIiwKKyAgICAgICAgICAgIC4gIllvdSBhbHNvIG5lZWQg J0RhdGFzdG9yZS5BbGxvY2F0ZVNwYWNlJyBwZXJtaXNzaW9ucyBvbiB0aGUgc3RvcmFnZS4gIgor ICAgICAgICAgICAgLiAiRm9yIHByaXZpbGVnZWQgY29udGFpbmVycywgJ1N5cy5Nb2RpZnknIHBl cm1pc3Npb25zIG9uICcvJyBhcmUgcmVxdWlyZWQuIiwKICAgICB9LAogICAgIHByb3RlY3RlZCA9 PiAxLAogICAgIHByb3h5dG8gPT4gJ25vZGUnLApAQCAtMjU0LDYgKzI1NSw3IEBAIF9fUEFDS0FH RV9fLT5yZWdpc3Rlcl9tZXRob2QoewogICAgICAgICAgICAgIyBmaXhtZTogbGltaXQgYWxsb3dl ZCBwYXJhbWV0ZXJzCiAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAkdW5wcml2aWxlZ2Vk ID0gMSBpZiAhZGVmaW5lZCgkdW5wcml2aWxlZ2VkKTsKKyAgICAgICAgICAgICRycGNlbnYtPmNo ZWNrKCRhdXRodXNlciwgJy8nLCBbJ1N5cy5Nb2RpZnknXSkgaWYgISR1bnByaXZpbGVnZWQ7CiAg ICAgICAgIH0KIAogICAgICAgICBteSAkZm9yY2UgPSBleHRyYWN0X3BhcmFtKCRwYXJhbSwgJ2Zv cmNlJyk7CkBAIC0yODksMTIgKzI5MSwxMSBAQCBfX1BBQ0tBR0VfXy0+cmVnaXN0ZXJfbWV0aG9k KHsKICAgICAgICAgICAgICMgc2luY2UgdGhlIHVzZXIgaXMgbGFja2luZyBwZXJtaXNzaW9uIHRv IGNvbmZpZ3VyZSB0aGUgY29udGFpbmVyJ3MgRlcKICAgICAgICAgICAgICRza2lwX2Z3X2NvbmZp Z19yZXN0b3JlID0gMTsKIAotICAgICAgICAgICAgIyBlcnJvciBvdXQgaWYgYSB1c2VyIHRyaWVz IHRvIGNoYW5nZSBmcm9tIHVucHJpdmlsZWdlZCB0byBwcml2aWxlZ2VkCisgICAgICAgICAgICAj IGVycm9yIG91dCBpZiBhIHVzZXIgdHJpZXMgdG8gY2hhbmdlIGZyb20gdW5wcml2aWxlZ2VkIHRv IHByaXZpbGVnZWQgd2l0aG91dCByZXF1aXJlZCBwcml2aWxlZ2VzCiAgICAgICAgICAgICAjIGV4 cGxpY2l0IGNoYW5nZSBpcyBjaGVja2VkIGhlcmUsIGltcGxpY2l0IGlzIGNoZWNrZWQgZG93biBi ZWxvdyBvciBoYXBwZW5pbmcgaW4gcm9vdC1vbmx5IHBhdGhzCiAgICAgICAgICAgICBteSAkY29u ZiA9IFBWRTo6TFhDOjpDb25maWctPmxvYWRfY29uZmlnKCR2bWlkKTsKICAgICAgICAgICAgIGlm ICgkY29uZi0+e3VucHJpdmlsZWdlZH0gJiYgZGVmaW5lZCgkdW5wcml2aWxlZ2VkKSAmJiAhJHVu cHJpdmlsZWdlZCkgewotICAgICAgICAgICAgICAgIHJhaXNlX3Blcm1fZXhjKAotICAgICAgICAg ICAgICAgICAgICAiY2Fubm90IGNoYW5nZSBmcm9tIHVucHJpdmlsZWdlZCB0byBwcml2aWxlZ2Vk IHdpdGhvdXQgVk0uQWxsb2NhdGUiKTsKKyAgICAgICAgICAgICAgICAkcnBjZW52LT5jaGVjaygk YXV0aHVzZXIsICcvJywgWydTeXMuTW9kaWZ5J10pOwogICAgICAgICAgICAgfQogICAgICAgICB9 IGVsc2UgewogICAgICAgICAgICAgcmFpc2VfcGVybV9leGMoKTsKQEAgLTQ0Miw5ICs0NDMsMTIg QEAgX19QQUNLQUdFX18tPnJlZ2lzdGVyX21ldGhvZCh7CiAgICAgICAgICAgICAgICAgICAgICAg ICBhc3NlcnRfbm90X3Jlc3RvcmVfZnJvbV9leHRlcm5hbCgkYXJjaGl2ZSwgJHN0b3JhZ2VfY2Zn KQogICAgICAgICAgICAgICAgICAgICAgICAgICAgIGlmICEkY29uZi0+e3VucHJpdmlsZWdlZH07 CiAKLSAgICAgICAgICAgICAgICAgICAgICAgICMgaW1wbGljaXQgcHJpdmlsZWdlZCBjaGFuZ2Ug aXMgY2hlY2tlZCBoZXJlCi0gICAgICAgICAgICAgICAgICAgICAgICBpZiAoJG9sZF9jb25mLT57 dW5wcml2aWxlZ2VkfSAmJiAhJGNvbmYtPnt1bnByaXZpbGVnZWR9KSB7Ci0gICAgICAgICAgICAg ICAgICAgICAgICAgICAgJHJwY2Vudi0+Y2hlY2tfdm1fcGVybSgkYXV0aHVzZXIsICR2bWlkLCAk cG9vbCwgWydWTS5BbGxvY2F0ZSddKTsKKyAgICAgICAgICAgICAgICAgICAgICAgICMgaW1wbGlj aXQgcHJpdmlsZWdlZCBjaGFuZ2UsIG9yIGNyZWF0aW5nIGEgbmV3IHByaXZpbGVnZWQgY29udGFp bmVyIGlzIGNoZWNrZWQgaGVyZQorICAgICAgICAgICAgICAgICAgICAgICAgaWYgKAorICAgICAg ICAgICAgICAgICAgICAgICAgICAgICghJHNhbWVfY29udGFpbmVyX2V4aXN0cyB8fCAkb2xkX2Nv bmYtPnt1bnByaXZpbGVnZWR9KQorICAgICAgICAgICAgICAgICAgICAgICAgICAgICYmICEkY29u Zi0+e3VucHJpdmlsZWdlZH0KKyAgICAgICAgICAgICAgICAgICAgICAgICkgeworICAgICAgICAg ICAgICAgICAgICAgICAgICAgICRycGNlbnYtPmNoZWNrKCRhdXRodXNlciwgJy8nLCBbJ1N5cy5N b2RpZnknXSk7CiAgICAgICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICAgICAg IH0KICAgICAgICAgICAgICAgICB9Ci0tIAoyLjM5LjUKCgoKX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX18KcHZlLWRldmVsIG1haWxpbmcgbGlzdApwdmUtZGV2 ZWxAbGlzdHMucHJveG1veC5jb20KaHR0cHM6Ly9saXN0cy5wcm94bW94LmNvbS9jZ2ktYmluL21h aWxtYW4vbGlzdGluZm8vcHZlLWRldmVsCg==