From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id D64DA743C5 for ; Sun, 18 Apr 2021 18:17:41 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id CF680CF65 for ; Sun, 18 Apr 2021 18:17:41 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 6191ECF59 for ; Sun, 18 Apr 2021 18:17:41 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 2984942D9D for ; Sun, 18 Apr 2021 18:17:41 +0200 (CEST) Message-ID: <771b2cb9-5113-8ac1-412d-9077f1c69095@proxmox.com> Date: Sun, 18 Apr 2021 18:17:40 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:88.0) Gecko/20100101 Thunderbird/88.0 Content-Language: en-US To: Proxmox VE development discussion , Fabian Ebner References: <20210318094452.738-1-f.ebner@proxmox.com> <20210318094452.738-3-f.ebner@proxmox.com> From: Thomas Lamprecht In-Reply-To: <20210318094452.738-3-f.ebner@proxmox.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-SPAM-LEVEL: Spam detection results: 0 AWL -0.040 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment NICE_REPLY_A -0.001 Looks like a legit reply (A) RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pve-devel] [PATCH v2 qemu-server 3/4] restore: sanitize config for non-root users X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Apr 2021 16:17:41 -0000 On 18.03.21 10:44, Fabian Ebner wrote: > by dropping privileged options for unprivileged users. For backwards > compatibility for in-place restores, keep the option as long as the val= ue didn't > change. >=20 > Note that this softly "breaks" restoring a backup with such a privilege= d option > under a new VM ID in the sense that the options won't be present in the=20 new VM > configuration. Restoring itself still works. Restoring containers alrea= dy > behaves similarly. >=20 > In a trusted environment, there cannot be any backups that were tampere= d with, > but it's still worth adding such checks for resilience and future-proof= ing. >=20 > Reported-by: Fabian Gr=C3=BCnbichler > Signed-off-by: Fabian Ebner > --- >=20 > Changes from v1: > * don't capitalize warnings as much > * add tests > * add Reported-by tag >=20 waiting out this one for when we can apply it for 7.0, ideally we can def= ine some better node HW permissions (e.g., for PCI) then and improve this by allow= ing more things to be restored as non-root while being safe.