[pve-devel] [PATCH v4 qemu-server 1/1] api2: add check_bridge_access for create/update/clone/restore vm

[DERUMIER, Alexandre]

> >  
> > +               my $vzdump_conf =
> > PVE::Storage::extract_vzdump_config($storecfg, $archive);
> > +               my $backup_conf =
> > PVE::QemuServer::parse_vm_config("restore/qemu-server/$vmid.conf",
> > $vzdump_conf, 1);
> > +               &$check_bridge_access($rpcenv, $authuser,
> > $backup_conf);
> > +
> 
> this part here should maybe be moved somewhere where we already have
> the
> extracted config, if possible?


Well, I have looked at this, but I don't see where in the code the
config storages are checked and where the config is extracted.


If the param->{storage} is not defined, the check is done somewhere in
the task with this kind of nice error log in the task ;)

"
error before or during data restore, some or all disks were not
completely restored. VM 249 state is NOT cleaned up.
TASK ERROR: command 'set -o pipefail && zstd -q -d -c
/mnt/pve/cephfs/dump/vzdump-qemu-210-2023_06_06-21_00_03.vma.zst | vma
extract -v -r /var/tmp/vzdumptmp3542000.fifo -
/var/tmp/vzdumptmp3542000' failed: 403 Permission check failed
(/storage/local-zfs, Datastore.AllocateSpace)

"

I was more thinking to add the check before launching the task, seem
better no ?