[pve-devel] [PATCH qemu-server 1/2] move check for serialX: socket
Dominik Csapak
d.csapak at proxmox.com
Fri Apr 12 16:08:36 CEST 2019
since we do not want the user to change a device which has a real
devices already set, we have to check it later when we have the config
so we do not have to give the params to vm_check_modify_config_perm anymore
also improve the regex to \d+
Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
PVE/API2/Qemu.pm | 26 +++++++++++++-------------
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index 7195ec2..0139de1 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -302,15 +302,16 @@ my $cloudinitoptions = {
};
my $check_vm_modify_config_perm = sub {
- my ($rpcenv, $authuser, $vmid, $pool, $key_list, $values) = @_;
+ my ($rpcenv, $authuser, $vmid, $pool, $key_list) = @_;
return 1 if $authuser eq 'root at pam';
foreach my $opt (@$key_list) {
- # disk checks need to be done somewhere else
+ # some checks need to be done somewhere else
next if PVE::QemuServer::is_valid_drivename($opt);
next if $opt eq 'cdrom';
next if $opt =~ m/^unused\d+$/;
+ next if $opt =~ m/^serial\d+$/;
if ($cpuoptions->{$opt} || $opt =~ m/^numa\d+$/) {
$rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']);
@@ -330,14 +331,6 @@ my $check_vm_modify_config_perm = sub {
$rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']);
} elsif ($cloudinitoptions->{$opt} || ($opt =~ m/^(?:net|ipconfig)\d+$/)) {
$rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
- } elsif ($opt =~ m/^serial\d+$/) {
- if ($values && $values->{$opt} eq 'socket') {
- $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
- } elsif (!$values) {
- next; # deletion will be checked later since we do not have the config here
- } else {
- die "only root can set '$opt' config to real devices\n";
- }
} else {
# catches usb\d+, hostpci\d+, args, lock, etc.
# new options will be checked here
@@ -525,7 +518,7 @@ __PACKAGE__->register_method({
&$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param, $storage);
- &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param], $param);
+ &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
foreach my $opt (keys %$param) {
if (PVE::QemuServer::is_valid_drivename($opt)) {
@@ -1135,7 +1128,7 @@ my $update_vm_api = sub {
&$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);
- &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param], $param);
+ &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
&$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param);
@@ -1198,7 +1191,7 @@ my $update_vm_api = sub {
if defined($conf->{pending}->{$opt});
PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt, $force);
PVE::QemuConfig->write_config($vmid, $conf);
- } elsif ($opt =~ m/^serial\d$/) {
+ } elsif ($opt =~ m/^serial\d+$/) {
if ($conf->{$opt} eq 'socket') {
$rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.HWType']);
} elsif ($authuser ne 'root at pam') {
@@ -1231,6 +1224,13 @@ my $update_vm_api = sub {
if defined($conf->{pending}->{$opt});
&$create_disks($rpcenv, $authuser, $conf->{pending}, $arch, $storecfg, $vmid, undef, {$opt => $param->{$opt}});
+ } elsif ($opt =~ m/^serial\d+/) {
+ if ((!defined($conf->{$opt}) || $conf->{$opt} eq 'socket') && $param->{$opt} eq 'socket') {
+ $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.HWType']);
+ } elsif ($authuser ne 'root at pam') {
+ die "only root can modify '$opt' config for real devices\n";
+ }
+ $conf->{pending}->{$opt} = $param->{$opt};
} else {
$conf->{pending}->{$opt} = $param->{$opt};
}
--
2.11.0
More information about the pve-devel
mailing list