From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 22F541FF15E for ; Fri, 6 Sep 2024 14:14:27 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 58483116CC; Fri, 6 Sep 2024 14:15:01 +0200 (CEST) Message-ID: <2568be20-ad08-4539-b98f-9b9d454634ab@proxmox.com> Date: Fri, 6 Sep 2024 14:14:27 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: Proxmox VE development discussion , Filip Schauer References: <20240724171857.432913-1-f.schauer@proxmox.com> Content-Language: en-US From: Fiona Ebner In-Reply-To: <20240724171857.432913-1-f.schauer@proxmox.com> X-SPAM-LEVEL: Spam detection results: 0 AWL -0.053 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: Re: [pve-devel] [PATCH container/manager v2 0/2] add deny read/write options for device passthrough X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" Am 24.07.24 um 19:18 schrieb Filip Schauer: > Add the deny_read and deny_write options for device passthrough, to > restrict container access to devices. > > This allows for passing through a device in read-only mode without > giving the container full access it. > > Up until now a container with a device passed through to it was granted > full access to that device without an option to restrict that access as > pointed out by @Fiona. > > Changes since v1: > * set default values for deny_read & deny_write > * remove the deny_read checkbox from the UI, since it is expected to > only have a very niche use case. > We could also use dashes instead of underscores, i.e. "deny-read"/"deny-write" as we often do for new properties. Still not fully sure we need deny_read in the backend until somebody complains with a sensible use case, but I guess it doesn't hurt if it's already there. In any case: Reviewed-by: Fiona Ebner Tested-by: Fiona Ebner _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel