[pbs-devel] [PATCH storage v4 3/3] api: FileRestore: allow automatic memory increase for privileged users

Dominik Csapak d.csapak at proxmox.com
Thu Nov 10 11:36:34 CET 2022 

if the user has the appropriate rights (details in the comments of
'check_allow_dynamic_memory') enable the dynamic memory behaviour
of the file-restore binary

Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
new in v4:
depends on pve-common 2/2

 PVE/API2/Storage/FileRestore.pm | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/PVE/API2/Storage/FileRestore.pm b/PVE/API2/Storage/FileRestore.pm
index 764ebfb..4b50eed 100644
--- a/PVE/API2/Storage/FileRestore.pm
+++ b/PVE/API2/Storage/FileRestore.pm
@@ -33,6 +33,19 @@ my $parse_volname_or_id = sub {
     return $volid;
 };
 
+# returns one if file-restore vms memory increase should be allowed
+# user needs either
+# 'VM.Allocate' on '/vms'  (can create any number of vms)
+# or 'Sys.Modify' on '/' (can modify the system to a state where it no longer functions)
+my sub check_allow_dynamic_memory {
+    my ($rpcenv, $user) = @_;
+
+    return 1 if $rpcenv->check($user, '/vms', ['VM.Allocate'], 1);
+    return 1 if $rpcenv->check($user, '/', ['Sys.Modify'], 1);
+
+    return 0;
+}
+
 __PACKAGE__->register_method ({
     name => 'list',
     path => 'list',
@@ -119,7 +132,11 @@ __PACKAGE__->register_method ({
 	my (undef, $snap) = PVE::Storage::parse_volname($cfg, $volid);
 
 	my $client = PVE::PBSClient->new($scfg, $storeid);
-	my $ret = $client->file_restore_list($snap, $path, $base64, { timeout => 25 });
+	my $extract_params = {
+	    timeout => 25,
+	    'dynamic-memory' => check_allow_dynamic_memory($rpcenv, $user),
+	};
+	my $ret = $client->file_restore_list($snap, $path, $base64, $extract_params);
 
 	if (ref($ret) eq "HASH") {
 	    my $msg = $ret->{message};
@@ -196,10 +213,14 @@ __PACKAGE__->register_method ({
 	my $client = PVE::PBSClient->new($scfg, $storeid);
 	my $fifo = $client->file_restore_extract_prepare();
 
+	my $extra_params = {
+	    'dynamic-memory' => check_allow_dynamic_memory($rpcenv, $user),
+	};
+
 	$rpcenv->fork_worker('pbs-download', undef, $user, sub {
 	    my $name = decode_base64($path);
 	    print "Starting download of file: $name\n";
-	    $client->file_restore_extract($fifo, $snap, $path, 1);
+	    $client->file_restore_extract($fifo, $snap, $path, 1, $extra_params);
 	});
 
 	my $ret = {
-- 
2.30.2

More information about the pbs-devel mailing list