[pve-devel] [PATCH container] fix #3367: skip bind mounts when converting to template
Fabian Grünbichler
f.gruenbichler at proxmox.com
Tue Jun 22 09:20:54 CEST 2021
On June 21, 2021 10:41 am, Wolfgang Bumiller wrote:
> On Tue, Apr 06, 2021 at 08:26:50AM +0200, Fabian Ebner wrote:
>> It turns out that we do not yet allow cloning from container templates with
>> bind mounts. So in a sense container templates with bind mounts are
>> currently misconfigured, and this patch would make it easier to get there...
>>
>> Should I send a v2 with a patch making cloning from such templates possible,
>> or were there some concerns to not allow it in the first place? There is a
>> # TODO: allow bind mounts?
>> comment in the clone API call.
>
> It's mostly that bind mounts are generally root-only.
maybe we should re-visit the idea of "admin-defined bind mounts" (or
rather, "admin-defined bind mount SOURCES") that have ACLs, so that we
can make them more accessible to regular users..
> Silently dropping them when converting to a template seems awkward, I'd
> rather have this throw an error, too.
>
> (Also remember that containers don't need to be templates to be cloned.)
More information about the pve-devel
mailing list