[pve-devel] [PATCH container] restore: only restore lxc.* if root

Fabian Grünbichler f.gruenbichler at proxmox.com
Tue Sep 20 13:23:32 CEST 2016 

since these can only be added as root to existing containers,
and might be dangerous.
---
 src/PVE/API2/LXC.pm   |  2 +-
 src/PVE/LXC/Create.pm | 12 +++++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index 83afd56..15ebb87 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -383,7 +383,7 @@ __PACKAGE__->register_method({
 		    PVE::LXC::Create::restore_archive($archive, $rootdir, $conf, $ignore_unpack_errors);
 
 		    if ($restore) {
-			PVE::LXC::Create::restore_configuration($vmid, $rootdir, $conf);
+			PVE::LXC::Create::restore_configuration($vmid, $rootdir, $conf, $authuser ne 'root at pam');
 		    } else {
 			my $lxc_setup = PVE::LXC::Setup->new($conf, $rootdir); # detect OS
 			PVE::LXC::Config->write_config($vmid, $conf); # safe config (after OS detection)
diff --git a/src/PVE/LXC/Create.pm b/src/PVE/LXC/Create.pm
index aea6ad3..eea4630 100644
--- a/src/PVE/LXC/Create.pm
+++ b/src/PVE/LXC/Create.pm
@@ -102,7 +102,7 @@ sub recover_config {
 }
 
 sub restore_configuration {
-    my ($vmid, $rootdir, $conf) = @_;
+    my ($vmid, $rootdir, $conf, $restricted) = @_;
 
     # restore: try to extract configuration from archive
 
@@ -117,6 +117,16 @@ sub restore_configuration {
 	    next if $key eq 'digest' || $key eq 'rootfs' || $key eq 'snapshots' || $key eq 'unprivileged' || $key eq 'parent';
 	    next if $key =~ /^mp\d+$/; # don't recover mountpoints
 	    next if $key =~ /^unused\d+$/; # don't recover unused disks
+	    if ($restricted && $key eq 'lxc') {
+		warn "skipping custom lxc options, restore manually as root:\n";
+		warn "--------------------------------\n";
+		my $lxc_list = $oldconf->{'lxc'};
+		foreach my $lxc_opt (@$lxc_list) {
+		    warn "$lxc_opt->[0]: $lxc_opt->[1]\n"
+		}
+		warn "--------------------------------\n";
+		next;
+	    }
 	    $conf->{$key} = $oldconf->{$key} if !defined($conf->{$key});
 	}
 	unlink($pct_cfg_fn);
-- 
2.1.4

More information about the pve-devel mailing list