From: "DERUMIER, Alexandre" <alexandre.derumier@groupe-cyllene.com>
To: "pve-devel@lists.proxmox.com" <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH v4 qemu-server 1/1] api2: add check_bridge_access for create/update/clone/restore vm
Date: Wed, 7 Jun 2023 16:46:01 +0000 [thread overview]
Message-ID: <f6ec11f14a33fe49b520640c7fce34e13c42f37d.camel@groupe-cyllene.com> (raw)
In-Reply-To: <1686149351.zu4entfs6q.astroid@yuna.none>
> >
> > + my $vzdump_conf =
> > PVE::Storage::extract_vzdump_config($storecfg, $archive);
> > + my $backup_conf =
> > PVE::QemuServer::parse_vm_config("restore/qemu-server/$vmid.conf",
> > $vzdump_conf, 1);
> > + &$check_bridge_access($rpcenv, $authuser,
> > $backup_conf);
> > +
>
> this part here should maybe be moved somewhere where we already have
> the
> extracted config, if possible?
Well, I have looked at this, but I don't see where in the code the
config storages are checked and where the config is extracted.
If the param->{storage} is not defined, the check is done somewhere in
the task with this kind of nice error log in the task ;)
"
error before or during data restore, some or all disks were not
completely restored. VM 249 state is NOT cleaned up.
TASK ERROR: command 'set -o pipefail && zstd -q -d -c
/mnt/pve/cephfs/dump/vzdump-qemu-210-2023_06_06-21_00_03.vma.zst | vma
extract -v -r /var/tmp/vzdumptmp3542000.fifo -
/var/tmp/vzdumptmp3542000' failed: 403 Permission check failed
(/storage/local-zfs, Datastore.AllocateSpace)
"
I was more thinking to add the check before launching the task, seem
better no ?
next prev parent reply other threads:[~2023-06-07 16:46 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-07 12:03 [pve-devel] [PATCH-SERIE pve-access-control/pve-manager/pve-guest-common/qemu-server/pve-network] check permissions on local bridge Alexandre Derumier
2023-06-07 12:03 ` [pve-devel] [PATCH v2 pve-access-control 1/3] access control: add /sdn/zones/<zone>/<vnet>/<vlan> path Alexandre Derumier
2023-06-07 14:41 ` [pve-devel] applied: " Fabian Grünbichler
2023-06-07 12:03 ` [pve-devel] [PATCH v4 qemu-server 1/1] api2: add check_bridge_access for create/update/clone/restore vm Alexandre Derumier
2023-06-07 14:52 ` Fabian Grünbichler
2023-06-07 16:46 ` DERUMIER, Alexandre [this message]
2023-06-08 16:02 ` [pve-devel] applied: " Thomas Lamprecht
2023-06-09 7:00 ` DERUMIER, Alexandre
2023-06-09 7:14 ` DERUMIER, Alexandre
2023-06-09 7:29 ` Thomas Lamprecht
2023-06-09 8:28 ` DERUMIER, Alexandre
2023-06-09 7:26 ` Thomas Lamprecht
2023-06-07 12:03 ` [pve-devel] [PATCH v3 pve-manager 1/4] api2: network: check permissions for local bridges Alexandre Derumier
2023-06-07 14:45 ` [pve-devel] applied: " Fabian Grünbichler
2023-06-07 12:03 ` [pve-devel] [PATCH pve-network 1/1] get_local_vnets: fix permission path && perm Alexandre Derumier
2023-06-07 14:56 ` Fabian Grünbichler
2023-06-07 16:27 ` DERUMIER, Alexandre
2023-06-08 1:34 ` DERUMIER, Alexandre
2023-06-07 12:03 ` [pve-devel] [PATCH v2 pve-guest-common 1/1] helpers : add check_vnet_access Alexandre Derumier
2023-06-07 14:48 ` [pve-devel] applied: " Fabian Grünbichler
2023-06-07 12:03 ` [pve-devel] [PATCH v3 pve-manager 2/4] api2: cluster: ressources: add "localnetwork" zone Alexandre Derumier
2023-06-07 14:44 ` Fabian Grünbichler
2023-06-07 17:18 ` DERUMIER, Alexandre
2023-06-07 12:03 ` [pve-devel] [PATCH v2 pve-access-control 2/3] rpcenvironnment: add check_sdn_bridge Alexandre Derumier
2023-06-07 14:41 ` [pve-devel] applied: " Fabian Grünbichler
2023-06-07 12:03 ` [pve-devel] [PATCH v2 pve-access-control 3/3] add new SDN.use privilege in PVESDNUser role Alexandre Derumier
2023-06-07 14:42 ` [pve-devel] applied: " Fabian Grünbichler
2023-06-07 12:03 ` [pve-devel] [PATCH v3 pve-manager 3/4] ui: add vnet permissions panel Alexandre Derumier
2023-06-07 12:03 ` [pve-devel] [PATCH v3 pve-manager 4/4] ui: add permissions management for "localnetwork" zone Alexandre Derumier
2023-06-12 14:39 ` [pve-devel] applied-series: [PATCH-SERIE pve-access-control/pve-manager/pve-guest-common/qemu-server/pve-network] check permissions on local bridge Fabian Grünbichler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f6ec11f14a33fe49b520640c7fce34e13c42f37d.camel@groupe-cyllene.com \
--to=alexandre.derumier@groupe-cyllene.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox