[pve-devel] [PATCH manager 1/2] ui: lxc/features: disable nfs and cifs for unprivileged

Tue Dec 4 10:40:52 CET 2018

both patches:

Reviewed-by: Dominik Csapak <d.csapak at proxmox.com>
Tested-by: Dominik Csapak <d.csapak at proxmox.com>

On 12/4/18 10:03 AM, Wolfgang Bumiller wrote:
> While we can allow them via the apparmor profile, they still
> won't be usable as the kernel doesn't have FS_USERNS_MOUNT
> set on those.
> 
> Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
> ---
>   www/manager6/lxc/FeaturesEdit.js | 38 +++++++++++++++++++++++++++++++-------
>   1 file changed, 31 insertions(+), 7 deletions(-)
> 
> diff --git a/www/manager6/lxc/FeaturesEdit.js b/www/manager6/lxc/FeaturesEdit.js
> index fb8f7672..5e359e26 100644
> --- a/www/manager6/lxc/FeaturesEdit.js
> +++ b/www/manager6/lxc/FeaturesEdit.js
> @@ -7,11 +7,30 @@ Ext.define('PVE.lxc.FeaturesInputPanel', {
>   
>       fstypes: ['nfs', 'cifs'],
>   
> +    viewModel: {
> +	parent: null,
> +	data: {
> +	    unprivileged: false,
> +	},
> +	formulas: {
> +	    privilegedOnly: function(get) {
> +		return (get('unprivileged') ? gettext('privileged only') : '');
> +	    },
> +	    unprivilegedOnly: function(get) {
> +		return (!get('unprivileged') ? gettext('unprivileged only') : '');
> +	    }
> +	}
> +    },
> +
>       items: [
>   	{
>   	    xtype: 'proxmoxcheckbox',
>   	    fieldLabel: gettext('keyctl'),
> -	    name: 'keyctl'
> +	    name: 'keyctl',
> +	    bind: {
> +		disabled: '{!unprivileged}',
> +		boxLabel: '{unprivilegedOnly}',
> +	    }
>   	},
>   	{
>   	    xtype: 'proxmoxcheckbox',
> @@ -21,12 +40,20 @@ Ext.define('PVE.lxc.FeaturesInputPanel', {
>   	{
>   	    xtype: 'proxmoxcheckbox',
>   	    name: 'nfs',
> -	    fieldLabel: 'NFS'
> +	    fieldLabel: 'NFS',
> +	    bind: {
> +		disabled: '{unprivileged}',
> +		boxLabel: '{privilegedOnly}',
> +	    }
>   	},
>   	{
>   	    xtype: 'proxmoxcheckbox',
>   	    name: 'cifs',
> -	    fieldLabel: 'CIFS'
> +	    fieldLabel: 'CIFS',
> +	    bind: {
> +		disabled: '{unprivileged}',
> +		boxLabel: '{privilegedOnly}',
> +	    }
>   	}
>       ],
>   
> @@ -54,10 +81,7 @@ Ext.define('PVE.lxc.FeaturesInputPanel', {
>       setValues: function(values) {
>   	var me = this;
>   
> -	var privileged = !values.unprivileged,
> -	    keyctlField = me.down('field[name=keyctl]');
> -	keyctlField.setDisabled(privileged);
> -	keyctlField.setBoxLabel(privileged ? gettext('unprivileged only') : null);
> +	me.viewModel.set({ unprivileged: values.unprivileged });
>   
>   	if (values.features) {
>   	    var res = PVE.Parser.parsePropertyString(values.features);
>