[pve-devel] [PATCH pve-container 4/4] Added pct mount

Wolfgang Bumiller w.bumiller at proxmox.com
Fri Nov 20 14:04:29 CET 2015


It takes a destination directory. To unmount best just use
"umount -R $path".

It uses Sys.Console as permission check as the only way to
actually *use* the mounted data is with access to the
host's filesystem. We do not expose that to the web GUI at
all. Sys.Console allows access to the node's root-shell and
is thus the only permission which has any actual use for
this call.
---
 src/PVE/API2/LXC.pm | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 src/PVE/CLI/pct.pm  |  1 +
 2 files changed, 66 insertions(+)

diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index 4502c59..fe08113 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -1084,4 +1084,69 @@ __PACKAGE__->register_method({
 	return PVE::LXC::lock_container($vmid, undef, $code);;
     }});
 
+__PACKAGE__->register_method({
+    name => 'mount_vm',
+    path => '{vmid}/mount',
+    method => 'PUT',
+    protected => 1,
+    proxyto => 'node',
+    description => "Mount a container's filesystem.",
+    permissions => {
+	# You can only access mounts when you have access to the host's
+	# filesystem. You can only access the filesystems when you're root or
+	# have access to the node's console.
+	check => ['perm', '/nodes/{node}', [ 'Sys.Console' ]],
+    },
+    parameters => {
+	additionalProperties => 0,
+	properties => {
+	    node => get_standard_option('pve-node'),
+	    vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
+	    rootdir => {
+		type => 'string',
+		description => "The mount destination.",
+	    },
+	},
+    },
+    returns => {
+	type => 'string',
+	description => "the task ID.",
+    },
+    code => sub {
+	my ($param) = @_;
+
+	my $rpcenv = PVE::RPCEnvironment::get();
+
+	my $authuser = $rpcenv->get_user();
+
+	my $node = extract_param($param, 'node');
+
+	my $vmid = extract_param($param, 'vmid');
+
+	my $rootdir = extract_param($param, 'rootdir');
+	my $storage_cfg = cfs_read_file("storage.cfg");
+
+	my $setup_mountpoint = sub {
+	    my ($ms, $mountpoint) = @_;
+	    PVE::LXC::mountpoint_mount($mountpoint, $rootdir, $storage_cfg);
+	};
+
+	my $code = sub {
+	    my $conf = PVE::LXC::load_config($vmid);
+	    PVE::Cluster::log_msg('info', $authuser, "mount CT $vmid: --rootdir $rootdir");
+
+	    my $realcmd = sub {
+		my $vollist = PVE::LXC::get_vm_volumes($conf);
+		my $loopdevlist = PVE::LXC::get_vm_volumes($conf, 'rootfs');
+
+		PVE::Storage::activate_volumes($storage_cfg, $vollist);
+		PVE::LXC::foreach_mountpoint($conf, $setup_mountpoint);
+	    };
+
+	    return $rpcenv->fork_worker('resize', $vmid, $authuser, $realcmd);
+	};
+
+	return PVE::LXC::lock_container($vmid, undef, $code);;
+    }});
+
 1;
diff --git a/src/PVE/CLI/pct.pm b/src/PVE/CLI/pct.pm
index 80205bb..a5c962a 100755
--- a/src/PVE/CLI/pct.pm
+++ b/src/PVE/CLI/pct.pm
@@ -226,6 +226,7 @@ our $cmddef = {
     set => [ 'PVE::API2::LXC::Config', 'update_vm', ['vmid'], { node => $nodename }],
 
     resize => [ "PVE::API2::LXC", 'resize_vm', ['vmid', 'disk', 'size'], { node => $nodename } ],
+    mount => [ "PVE::API2::LXC", 'mount_vm', ['vmid', 'rootdir'], { node => $nodename } ],
     
     create => [ 'PVE::API2::LXC', 'create_vm', ['vmid', 'ostemplate'], { node => $nodename }, $upid_exit ],
     restore => [ 'PVE::API2::LXC', 'create_vm', ['vmid', 'ostemplate'], { node => $nodename, restore => 1 }, $upid_exit ],
-- 
2.1.4




More information about the pve-devel mailing list