[pbs-devel] [PATCH storage v4 3/3] api: FileRestore: allow automatic memory increase for privileged users
Dominik Csapak
d.csapak at proxmox.com
Thu Nov 10 11:36:34 CET 2022
if the user has the appropriate rights (details in the comments of
'check_allow_dynamic_memory') enable the dynamic memory behaviour
of the file-restore binary
Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
new in v4:
depends on pve-common 2/2
PVE/API2/Storage/FileRestore.pm | 25 +++++++++++++++++++++++--
1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/PVE/API2/Storage/FileRestore.pm b/PVE/API2/Storage/FileRestore.pm
index 764ebfb..4b50eed 100644
--- a/PVE/API2/Storage/FileRestore.pm
+++ b/PVE/API2/Storage/FileRestore.pm
@@ -33,6 +33,19 @@ my $parse_volname_or_id = sub {
return $volid;
};
+# returns one if file-restore vms memory increase should be allowed
+# user needs either
+# 'VM.Allocate' on '/vms' (can create any number of vms)
+# or 'Sys.Modify' on '/' (can modify the system to a state where it no longer functions)
+my sub check_allow_dynamic_memory {
+ my ($rpcenv, $user) = @_;
+
+ return 1 if $rpcenv->check($user, '/vms', ['VM.Allocate'], 1);
+ return 1 if $rpcenv->check($user, '/', ['Sys.Modify'], 1);
+
+ return 0;
+}
+
__PACKAGE__->register_method ({
name => 'list',
path => 'list',
@@ -119,7 +132,11 @@ __PACKAGE__->register_method ({
my (undef, $snap) = PVE::Storage::parse_volname($cfg, $volid);
my $client = PVE::PBSClient->new($scfg, $storeid);
- my $ret = $client->file_restore_list($snap, $path, $base64, { timeout => 25 });
+ my $extract_params = {
+ timeout => 25,
+ 'dynamic-memory' => check_allow_dynamic_memory($rpcenv, $user),
+ };
+ my $ret = $client->file_restore_list($snap, $path, $base64, $extract_params);
if (ref($ret) eq "HASH") {
my $msg = $ret->{message};
@@ -196,10 +213,14 @@ __PACKAGE__->register_method ({
my $client = PVE::PBSClient->new($scfg, $storeid);
my $fifo = $client->file_restore_extract_prepare();
+ my $extra_params = {
+ 'dynamic-memory' => check_allow_dynamic_memory($rpcenv, $user),
+ };
+
$rpcenv->fork_worker('pbs-download', undef, $user, sub {
my $name = decode_base64($path);
print "Starting download of file: $name\n";
- $client->file_restore_extract($fifo, $snap, $path, 1);
+ $client->file_restore_extract($fifo, $snap, $path, 1, $extra_params);
});
my $ret = {
--
2.30.2
More information about the pbs-devel
mailing list