[pve-devel] [PATCH pve-container] CT protection mode

Alen Grizonic a.grizonic at proxmox.com
Tue Sep 22 09:32:50 CEST 2015 

changes:

- added common check_protection subroutine
- disk removal prevention
- restore over protected CT prevention
---
 src/PVE/API2/LXC.pm        | 6 ++++--
 src/PVE/API2/LXC/Config.pm | 4 ++++
 src/PVE/LXC.pm             | 8 ++++++++
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index e1f57da..085a696 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -172,6 +172,9 @@ __PACKAGE__->register_method({
 
 	if (!($same_container_exists && $restore && $force)) {
 	    PVE::Cluster::check_vmid_unused($vmid);
+	} else {
+	    my $conf = PVE::LXC::load_config($vmid);
+	    PVE::LXC::check_protection($conf, "unable to restore CT $vmid");
 	}
 
 	my $password = extract_param($param, 'password');
@@ -463,8 +466,7 @@ __PACKAGE__->register_method({
 
 	my $storage_cfg = cfs_read_file("storage.cfg");
 
-	die  "can't remove CT $vmid - protection mode enabled\n"
-	    if $conf->{protection};
+	PVE::LXC::check_protection($conf, "can't remove CT $vmid");
 
 	die "unable to remove CT $vmid - used in HA resources\n"
 	    if PVE::HA::Config::vm_is_ha_managed($vmid);
diff --git a/src/PVE/API2/LXC/Config.pm b/src/PVE/API2/LXC/Config.pm
index b4a92de..bc73281 100644
--- a/src/PVE/API2/LXC/Config.pm
+++ b/src/PVE/API2/LXC/Config.pm
@@ -108,6 +108,8 @@ __PACKAGE__->register_method({
 
 	my $digest = extract_param($param, 'digest');
 
+	my $conf = PVE::LXC::load_config($vmid);
+
 	die "no options specified\n" if !scalar(keys %$param);
 
 	my $delete_str = extract_param($param, 'delete');
@@ -122,6 +124,8 @@ __PACKAGE__->register_method({
 
 	    if (!PVE::LXC::option_exists($opt)) {
 		raise_param_exc({ delete => "unknown option '$opt'" });
+	    } elsif ($opt eq 'rootfs' || $opt =~ m/^mp(\d+)$/) {
+		PVE::LXC::check_protection($conf, "can't remove CT $vmid drive '$opt'");
 	    }
 	}
 
diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index 3c77c5b..2054b33 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -981,6 +981,14 @@ sub check_lock {
     die "VM is locked ($conf->{'lock'})\n" if $conf->{'lock'};
 }
 
+sub check_protection {
+    my ($vm_conf, $err_msg) = @_;
+
+    if ($vm_conf->{protection}) {
+	die "$err_msg - protection mode enabled\n";
+    }
+}
+
 sub update_lxc_config {
     my ($storage_cfg, $vmid, $conf) = @_;
 
-- 
2.1.4

More information about the pve-devel mailing list