From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <p.hufnagl@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id EC749B74B
 for <pve-devel@lists.proxmox.com>; Wed,  9 Aug 2023 16:21:14 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id BAAD1165D9
 for <pve-devel@lists.proxmox.com>; Wed,  9 Aug 2023 16:20:44 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS
 for <pve-devel@lists.proxmox.com>; Wed,  9 Aug 2023 16:20:43 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 803AA43C91
 for <pve-devel@lists.proxmox.com>; Wed,  9 Aug 2023 16:20:43 +0200 (CEST)
Message-ID: <22eba78f-dec2-42ff-9d75-3107aecdd981@proxmox.com>
Date: Wed, 9 Aug 2023 16:20:42 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: Fiona Ebner <f.ebner@proxmox.com>,
 Proxmox VE development discussion <pve-devel@lists.proxmox.com>
References: <20230808091342.637190-1-p.hufnagl@proxmox.com>
 <a3ea6ca3-9e48-9b93-7c9e-4ba137880275@proxmox.com>
From: Philipp Hufnagl <p.hufnagl@proxmox.com>
In-Reply-To: <a3ea6ca3-9e48-9b93-7c9e-4ba137880275@proxmox.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.006 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: Re: [pve-devel] [PATCH manager] fix #474: allow transfer from
 container/vms
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Wed, 09 Aug 2023 14:21:15 -0000

On 8/9/23 13:32, Fiona Ebner wrote:

> The permission for the original pool should be checked here?! Or is 
> that already done somewhere? 

The permission of the original pool does not matter. The permission of 
the VM is important
(maybe the original pool granting the user permission on the VM). 
Hovever I tested it with granting the
user merely audit permissions on the VM and admin permissions on the 
target pool and still got the
correct permission error so I don't think the permission checks have to 
be modified at all