[pve-devel] [PATCH qemu-server] restrict monitor API call to Sys.Modify
Fabian Grünbichler
f.gruenbichler at proxmox.com
Thu Nov 10 10:40:40 CET 2016
On Mon, Nov 07, 2016 at 08:37:45AM +0100, Wolfgang Link wrote:
> We could restrict the monitor to the info commands, then they give only
> information about this VM and can't change the setting of it.
What about a combined approach?
- user only has VM.Monitor -> user can only use "info *" commands
- user has Sys.Modify -> user can use arbitrary commands
alternatively, instead of Sys.Modify we could also restrict to root@pam
of course..
AFAICT the human monitor interface does not allow more than one command
at a time, so a simple matching for "^info " should be enough.. If there
are other read-only commands that users need, they could be added in
future updates (upon request). I don't think our monitor API is widely
used except for debugging purposes.
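
The combined check proposed in this message, sketched as a standalone Perl function (an added example, not code from the patch or from qemu-server). The `$privs` hash and the function name are hypothetical stand-ins for the real permission lookup, and rejecting control characters is an extra assumption on top of the `^info ` match.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Decide whether a caller may send $command to the VM's human monitor.
# $privs: hash ref of privilege names the caller holds (hypothetical
# structure; real code would ask the permission system instead).
sub monitor_command_allowed {
    my ($privs, $command) = @_;

    return 0 if !defined($command) || $command eq '';

    # Sys.Modify: arbitrary monitor commands are allowed.
    return 1 if $privs->{'Sys.Modify'};

    # Without VM.Monitor there is no monitor access at all.
    return 0 if !$privs->{'VM.Monitor'};

    # Added hardening (assumption, not from the mail): refuse control
    # characters, newlines included, so the prefix test below always
    # describes the whole string that reaches the monitor.
    return 0 if $command =~ /[\x00-\x1f\x7f]/;

    # The "^info " match from the mail. \A anchors to the start of the
    # string even if someone later adds the /m modifier.
    return $command =~ /\Ainfo / ? 1 : 0;
}

# Constructed sample inputs: [ privileges held, command string ]
my @cases = (
    [ { 'VM.Monitor' => 1 }, 'info status' ],        # allow
    [ { 'VM.Monitor' => 1 }, 'info' ],               # deny: no trailing space
    [ { 'VM.Monitor' => 1 }, ' info status' ],       # deny: leading space
    [ { 'VM.Monitor' => 1 }, 'stop' ],               # deny: not an info command
    [ { 'VM.Monitor' => 1 }, "info status\nstop" ],  # deny: control character
    [ { 'Sys.Modify' => 1 }, 'stop' ],               # allow: Sys.Modify
    [ {},                    'info status' ],        # deny: no privilege
);

for my $case (@cases) {
    my ($privs, $cmd) = @$case;
    (my $shown = $cmd) =~ s/\n/\\n/g;
    my $held = join(',', sort keys %$privs) || '-';
    printf "%-12s %-24s %s\n", $held, "'$shown'",
        monitor_command_allowed($privs, $cmd) ? 'allow' : 'deny';
}
```

A bare `info` is denied because the pattern requires the trailing space; a caller-facing API would need to decide whether that case should be accepted separately.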