[pve-devel] [RFC container 3/3] implement permission checks for feature flags

Wolfgang Bumiller w.bumiller at proxmox.com
Wed Sep 19 15:11:40 CEST 2018


On Wed, Sep 19, 2018 at 02:09:39PM +0200, Thomas Lamprecht wrote:
> On 7/31/18 2:50 PM, Wolfgang Bumiller wrote:
> > To disable a feature it is enough to be generally allowed
> > to edit the configuration. Enabling a feature requires more
> > privileges. For now: root at pam.
> > 
> 
> While it is correct from a technical POV, it seems a bit strange from an
> user experience POV, not sure about this.
> E.g., I'm one of those people that often just try to toggle options for the
> sake of it and see what happens - at least if it's nothing too important, 
> and here I'd be quite bummed out if I had it, disabled keyctl and then my
> unprivileged CT gets problems - no nice UX, IMO...

Not allowing to remove them works for me, too. IOW. any change there
requires root at pam, although actually the 'keyctl' feature should only
require the regular VM.Config permission as it's not a security critical
change but rather disables a systemd-networkd-specific workaround.



More information about the pve-devel mailing list