From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <n.hawker@chester.ac.uk>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 700B064C44
 for <pve-devel@lists.proxmox.com>; Fri,  4 Mar 2022 12:08:54 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 372AA359B
 for <pve-devel@lists.proxmox.com>; Fri,  4 Mar 2022 12:08:24 +0100 (CET)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com
 (mail-vi1eur04on062d.outbound.protection.outlook.com
 [IPv6:2a01:111:f400:fe0e::62d])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS id 5D6403588
 for <pve-devel@lists.proxmox.com>; Fri,  4 Mar 2022 12:08:22 +0100 (CET)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=dHtfagoGzd6zUiYxnFL9Vqv5LL6TJjyNbJ/a+BLzdxGKu8Nvtfkd1NBDvfmbrZXTaP4do0/I1bGzuOMsQN9wnJHISSST87ShxxmareElcmVkmm5ND3VAwS6tYVEGLRBwn9h03VxMReEdNQs+4UHY9CkSFTnQIwx+m0Wts33XHewGQO/JGFFq451jyqYHJgylTSp9R1aFoH6T4SStAJbmWu+hCzf6UvrlRUA2fmF3aFa3Opz7/M3q8Kk9Il3D0HbfbzOh+v7KrU2t7G3lSR9LMlLhdwif+q8RFN2Z5qXVsa0938TYVkQeST8Pn0akBI0/L+8GzI5jX/q7NwxJLSy17Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=9P/kru2bvIqo7C96iAe6GpaDcJeP93WAi/aNwAgSs5I=;
 b=Q2rdAHBk/bwCEB/toydj/u7tbi7Os4b1v1ydEMkozvWmEhr9Ny2GajKs3fyDsWr4gRfEiC526xfDhqSJVte8J/vrf+N6NVDVw41ZBAI6Ql7+KGALkMdR3iJN0xZ2XxyLKg7ri7OaqcfbxCPvhO41dkh0gAlpv0yit5LcVwXqR0S5GAyURnReqnjz+om6O6Nrn6WPVJgiMGBO3VH383C+FOApHC2/yQCK+lCP2LxHL//1xLv96KWY/JxsJAOY1DaqikD50+b+gBww/zldbwUC4n4+WwU2ZC6yKjBOmXBV30rG1KhnZbO6echQxoh/9h0tx8GJzAqWF+KRMkVjwjbjTg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 195.195.128.231) smtp.rcpttodomain=lists.proxmox.com
 smtp.mailfrom=chester.ac.uk; dmarc=bestguesspass action=none
 header.from=chester.ac.uk; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=outlooklivechesterac.onmicrosoft.com;
 s=selector2-outlooklivechesterac-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=9P/kru2bvIqo7C96iAe6GpaDcJeP93WAi/aNwAgSs5I=;
 b=rXZQWlFilgp9VAUtMmJQRagCOQ/oFiKKHdyRaLVXV4Xqv+8BSYxPsXLOSc8FNoYEkkmYp9bQ0I3oDtQJ4FZ4cq5RprbFPj4JISOxrSCY5aa3rpP3QyRJwq6OGKteHwa8SuZomHV2KoZ2K3if5dSEaZ//kVHc58oaTz6dJREOqko=
Received: from AM7PR03CA0021.eurprd03.prod.outlook.com (2603:10a6:20b:130::31)
 by AS8PR02MB6567.eurprd02.prod.outlook.com (2603:10a6:20b:25f::7)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5038.16; Fri, 4 Mar
 2022 11:08:15 +0000
Received: from VE1EUR02FT031.eop-EUR02.prod.protection.outlook.com
 (2603:10a6:20b:130:cafe::83) by AM7PR03CA0021.outlook.office365.com
 (2603:10a6:20b:130::31) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5038.14 via Frontend
 Transport; Fri, 4 Mar 2022 11:08:15 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 195.195.128.231)
 smtp.mailfrom=chester.ac.uk;
 dkim=none (message not signed)
 header.d=none;dmarc=bestguesspass action=none header.from=chester.ac.uk;
Received-SPF: Pass (protection.outlook.com: domain of chester.ac.uk designates
 195.195.128.231 as permitted sender)
 receiver=protection.outlook.com; 
 client-ip=195.195.128.231; helo=mail.chester.ac.uk;
Received: from mail.chester.ac.uk (195.195.128.231) by
 VE1EUR02FT031.mail.protection.outlook.com (10.152.12.135) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id
 15.20.5038.14 via Frontend Transport; Fri, 4 Mar 2022 11:08:14 +0000
Received: from MWRSMAIL2.Chester.lan (10.58.0.172) by VWEX2013-2.Chester.lan
 (195.195.128.231) with Microsoft SMTP Server (TLS) id 15.0.1497.28; Fri, 4
 Mar 2022 11:08:14 +0000
Received: from MWRSMAIL1.Chester.lan (10.58.0.171) by MWRSMAIL2.Chester.lan
 (10.58.0.172) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Fri, 4 Mar
 2022 11:08:14 +0000
Received: from MWRSMAIL1.Chester.lan ([fe80::ac9b:8350:a76:3aa8]) by
 MWRSMAIL1.Chester.lan ([fe80::ac9b:8350:a76:3aa8%2]) with mapi id
 15.01.2308.021; Fri, 4 Mar 2022 11:08:14 +0000
From: Neil Hawker <n.hawker@chester.ac.uk>
To: "'pve-devel@lists.proxmox.com'" <pve-devel@lists.proxmox.com>
Thread-Topic: Vmbr bridge permissions and SDN improvements?
Thread-Index: AdgvuCPo6Bef/7DrRT+JqbtyiBVbdw==
Date: Fri, 4 Mar 2022 11:08:14 +0000
Message-ID: <60b926a31d88487986c6743c35031822@chester.ac.uk>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.31.2.168]
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 34948c37-e957-42bd-8b51-08d9fdcf4780
X-MS-TrafficTypeDiagnostic: AS8PR02MB6567:EE_
X-Microsoft-Antispam-PRVS: <AS8PR02MB6567918EBFA183E6D472ABCCDA059@AS8PR02MB6567.eurprd02.prod.outlook.com>
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: n8C4IwXRY6vHpq/3jZVy4g9+2TaCWsOjPd6qa+B24GNX77RYvz+csVKEe46wLHZXp1IoHeWl2T+1LKfunER9xzQNIu0AOEr2NERtlyKU0NRJZvjE8rKyRxA25AT0LSsaRbbAqoGhoRyfXW+BjBBzlVdd8n0ekzFH7CWowHgDMPQgca0dVLdF7FaP/CU53RU6IRA8cxkh4vx1vSVnOZQvK9593W/wXBoq7TYKwrCIH46pOk7hvgBCQV+7xnEGtXh+13EnYVNvacb9WbONisSoUxk3o6MqdICaxLrZ4hYZg7C7P6U4EawBLDkdUQMAxtemuBBG41db2ZV2fi1VfFq3R/xTXu4/zaD14wNxQJJazjQIASxxmP8O5x2jwUpLMfhYclIeV03ot+IW8BoitvmEZ1dFSap/k5x2culwiG3ME7Rr4r/eSGp0m8sHUWo9VvIMwUhty9HiT7YdYm6qyq1rxfvxcbhdq8vetm0bOJMYPVC2zR+xbxxvfhiWK81UXjNEidBvdTveSPzJhgJPoqKSBvJHC1fDz4WK0agynya7Wbhz/S2eU0Fp0PMESEpBfd2oZNGUoRXRGjRazbvAbphbxwZml6crBqbapErD1V1W9IJWFeh/jknuyVBe+hqe1mBERFYstENDJQe0rpWH0EjpRn/nypqTVG4Y6FsLiPGAY6EMd8BzQi2p7pejmwBatBlzU9Ky7BAFzsGOfZByEBFzdHp7t8fwLDRrDkzfkTqHOIyp9W0BdYC5Qf7ivR8XGjCp2YSCQPBLnOBQn3ZwGoco7w==
X-Forefront-Antispam-Report: CIP:195.195.128.231; CTRY:GB; LANG:en; SCL:1; SRV:;
 IPV:CAL; SFV:NSPM; H:mail.chester.ac.uk; PTR:m2dhcp-231.chester.ac.uk;
 CAT:NONE;
 SFS:(13230001)(4636009)(40470700004)(46966006)(36840700001)(6916009)(316002)(86362001)(786003)(186003)(336012)(2616005)(26005)(82310400004)(108616005)(24736004)(40460700003)(7636003)(166002)(356005)(508600001)(47076005)(83380400001)(36860700001)(8676002)(70586007)(2906002)(70206006)(9326002)(36756003)(8936002)(5660300002)(491001);
 DIR:OUT; SFP:1101; 
X-OriginatorOrg: chester.ac.uk
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Mar 2022 11:08:14.8206 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 34948c37-e957-42bd-8b51-08d9fdcf4780
X-MS-Exchange-CrossTenant-Id: 18843e6e-1846-456c-a05c-500f0aee12f6
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=18843e6e-1846-456c-a05c-500f0aee12f6; Ip=[195.195.128.231];
 Helo=[mail.chester.ac.uk]
X-MS-Exchange-CrossTenant-AuthSource: VE1EUR02FT031.eop-EUR02.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR02MB6567
X-SPAM-LEVEL: Spam detection results:  0
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DKIM_SIGNED               0.1 Message has a DKIM or DK signature,
 not necessarily valid
 DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
 HTML_MESSAGE            0.001 HTML included in message
 SPF_HELO_PASS          -0.001 SPF: HELO matches SPF record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 T_SCC_BODY_TEXT_LINE    -0.01 -
X-Mailman-Approved-At: Mon, 07 Mar 2022 09:45:14 +0100
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
Subject: [pve-devel] Vmbr bridge permissions and SDN improvements?
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Fri, 04 Mar 2022 11:08:54 -0000

Hi,

We're currently using version 7.1-10 and have the use case where we need to=
 hide the vmbr bridges from normal users to prevent them circumventing netw=
ork security that is applied through SDN vNets.

For context, our setup is a Proxmox cluster that is used as a learning envi=
ronment for students where they can create and manage their own VMs to prac=
tice their Cybersecurity skills in an isolated environment. Being able to h=
ide the vmbr bridges from users would achieve this.

I have found on the community forum (https://forum.proxmox.com/threads/sdn-=
group-pool-permissions.93872) that Spirit had contributed changes that have=
 yet to be accepted/merged in that would achieve this as well as some SDN G=
UI improvements.

I appreciate developers are very busy, but is it possible for Sprit's chang=
es to be included in an upcoming version and if so, any rough idea when the=
y might get released?

Thanks
Neil