[pve-devel] [PATCH manager 2/2] filter unusable lxc mountoptions for rootfs
Dominik Csapak
d.csapak at proxmox.com
Wed Jul 10 14:58:59 CEST 2019
looks good to me (except one comment inline)
two things though:
why do we allow those options in the backend for rootfs ? shouldn't we
prevent a user from setting 'noexec' on the rootfs in the first place?
(ofc we have to hide it in the gui anyway)
why is nodev on root forbidden?
On 7/10/19 2:26 PM, Oguz Bektas wrote:
> disable nodev and noexec per thomas' suggestion[0].
>
> [0]: https://pve.proxmox.com/pipermail/pve-devel/2019-July/037994.html
>
> Signed-off-by: Oguz Bektas <o.bektas at proxmox.com>
> ---
> www/manager6/lxc/MPEdit.js | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/www/manager6/lxc/MPEdit.js b/www/manager6/lxc/MPEdit.js
> index 7689340d..638cf6e1 100644
> --- a/www/manager6/lxc/MPEdit.js
> +++ b/www/manager6/lxc/MPEdit.js
> @@ -58,6 +58,14 @@ Ext.define('PVE.lxc.MountPointInputPanel', {
> if (mp.mountoptions) {
> mp.mountoptions = mp.mountoptions.split(';');
> }
> +
> + var field = me.down('field[name=mountoptions]');
> + var forbidden = ['nodev', 'noexec'];
> + if (this.confid === 'rootfs') {
> + filtered = field.comboItems.filter(e => !forbidden.includes(e[0]));
> + field.setComboItems(filtered);
> + }
> +
> me.setValues(mp);
> },
>
> @@ -363,6 +371,8 @@ Ext.define('PVE.lxc.MountPointEdit', {
> }
>
> ipanel.setMountPoint(mp);
> +
> +
this seems unintentional ;)
> me.isValid(); // trigger validation
> }
> }
>
More information about the pve-devel
mailing list