From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
Fiona Ebner <f.ebner@proxmox.com>
Subject: [pve-devel] applied: [PATCH common v4 06/27] tools: run fork: allow running code in parent after fork
Date: Thu, 14 Nov 2024 20:46:08 +0100 [thread overview]
Message-ID: <593cdfe4-d1fa-483e-a420-c49d5197e515@proxmox.com> (raw)
In-Reply-To: <20241114150754.374376-7-f.ebner@proxmox.com>
Am 14.11.24 um 16:07 schrieb Fiona Ebner:
> Add an option parameter to the run_fork() run_fork_with_timeout()
> functions, where an 'afterfork' subroutine that is run in the parent
> process after the fork can be specified. It is made subject to the
> timeout too, because the fork already started running at that point
> and an error in the 'afterfork' subroutine will take priority over an
> error in the child.
>
> In preparation to add a helper to run a Perl subroutine in a user
> namespace, which, in turn, will be used for running the container
> backup subroutine for external providers inside a user namespace. That
> allows them to see the filesystem to back-up from the containers
> perspective and also improves security because of isolation.
>
> Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
> ---
>
> New in v4.
>
> src/PVE/Tools.pm | 23 +++++++++++++++++------
> 1 file changed, 17 insertions(+), 6 deletions(-)
>
>
applied, thanks!
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next prev parent reply other threads:[~2024-11-14 19:46 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-14 15:07 [pve-devel] [PATCH-SERIES qemu/common/storage/qemu-server/container/manager v4 00/27] backup provider API Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [PATCH qemu v4 01/27] PVE backup: add target ID in backup state Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [PATCH qemu v4 02/27] PVE backup: get device info: allow caller to specify filter for which devices use fleecing Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [PATCH qemu v4 03/27] PVE backup: implement backup access setup and teardown API for external providers Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [PATCH qemu v4 04/27] PVE backup: implement bitmap support for external backup access Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [PATCH common v4 05/27] test: lock file: get rid of END block that made test always pass Fiona Ebner
2024-11-14 19:46 ` [pve-devel] applied: " Thomas Lamprecht
2024-11-14 15:07 ` [pve-devel] [PATCH common v4 06/27] tools: run fork: allow running code in parent after fork Fiona Ebner
2024-11-14 19:46 ` Thomas Lamprecht [this message]
2024-11-14 15:07 ` [pve-devel] [PATCH common v4 07/27] test: have lock file test use run_fork() helper Fiona Ebner
2024-11-14 19:46 ` [pve-devel] applied: " Thomas Lamprecht
2024-11-14 15:07 ` [pve-devel] [PATCH storage v4 08/27] add storage_has_feature() helper function Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [PATCH storage v4 09/27] plugin: introduce new_backup_provider() method Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [PATCH storage v4 10/27] extract backup config: delegate to backup provider for storages that support it Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [POC storage v4 11/27] add backup provider example Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [POC storage v4 12/27] WIP Borg plugin Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [PATCH qemu-server v4 13/27] backup: keep track of block-node size for fleecing Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [PATCH qemu-server v4 14/27] module config: load nbd module at boot Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [PATCH qemu-server v4 15/27] backup: allow adding fleecing images also for EFI and TPM Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [PATCH qemu-server v4 16/27] backup: implement backup for external providers Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [PATCH qemu-server v4 17/27] backup: implement restore " Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [PATCH qemu-server v4 18/27] backup restore: external: hardening check for untrusted source image Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [PATCH container v4 19/27] add LXC::Namespaces module Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [PATCH container v4 20/27] backup: implement backup for external providers Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [PATCH container v4 21/27] backup: implement restore " Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [PATCH container v4 22/27] external restore: don't use 'one-file-system' tar flag when restoring from a directory Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [PATCH container v4 23/27] create: factor out compression option helper Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [PATCH container v4 24/27] restore tar archive: check potentially untrusted archive Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [PATCH container v4 25/27] api: add early check against restoring privileged container from external source Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [PATCH manager v4 26/27] ui: backup: also check for backup subtype to classify archive Fiona Ebner
2024-11-14 15:07 ` [pve-devel] [PATCH manager v4 27/27] backup: implement backup for external providers Fiona Ebner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=593cdfe4-d1fa-483e-a420-c49d5197e515@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=f.ebner@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox