[pve-devel] [PATCHES] Add VM.Snapshot.Rollback privilege
Fabian Grünbichler
f.gruenbichler at proxmox.com
Tue Sep 12 08:04:27 CEST 2017
On Tue, Sep 12, 2017 at 07:33:23AM +0200, Dietmar Maurer wrote:
> > 2. The VM.Clone privilege alone is not enough to clone a template.
> > Unfortunately you also need the VM.Allocate privilege, not only allowing
> > to create new VMs but also to delete VMs. This is even worse than the
> > snapshot privileges, at least for us.
>
> You can restrict that to a specific VMIDs, but I see, that is clumsy
> for your use case ...
>
> > 3. There is a strong dependency between templates and linked clones
> > which is not very well reflected in the Proxmox GUI. They are all placed
> > on the same hierarchy level in the miscellaneous views of Proxmox making
> > it hard to keep track on these dependencies. This is much better solved
> > for snapshots. Viewing templates and linked clones as a tree structure
> > would help a lot.
>
> I see.
>
> > > Also, please read: https://pve.proxmox.com/wiki/Developer_Documentation
> > > for details about patches and CLA ...
> > Sorry, I had to place all patches in one mail because our intranet
> > doesn't allow to send mail using git.
>
> I consider applying your patches, but I need the CLA and a patch with correct
> format...
>
regarding the format issue:
you don't need to send the patches via git-send-email (it's just the one
client that is pretty much guarantueed to get it right without manual
intervention).
format patches using git-format-patch (including cover letter if it is
a series). use subject, body and if at all possible, in-reply-to from
generated files. make sure neither you nor your MUA (nor other parts of
your mail infrastructure) change any of the whitespace in the patch
itself, including reflowing stuff by adding / removing new lines, or
converting tabs to spaces or vice versa. you can easily check this by
sending the patches to yourself first, and test-applying them to your
local repo ;)
regarding the patches:
seem reasonable enough to me, and opt-in so should not cause any harm. I
wonder if we want to follow up with separate Create and Delete
sub-permissions as well? creating a snapshot is even less destructive
than rollback after all..
More information about the pve-devel
mailing list