[pve-devel] [PATCH qemu-server 6/8] migrate: check storage permissions and content type
Fabian Grünbichler
f.gruenbichler at proxmox.com
Mon Mar 30 13:41:34 CEST 2020
both where previously missing. the existing 'check_storage_access'
helper is not applicable here since it operates on a full set of VM
config options, not just storage IDs.
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
PVE/API2/Qemu.pm | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index 6eba8d0..33ae0a6 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -3453,15 +3453,27 @@ __PACKAGE__->register_method({
my $storecfg = PVE::Storage::config();
if (my $targetstorage = $param->{targetstorage}) {
+ my $check_storage = sub {
+ my ($target_sid) = @_;
+ PVE::Storage::storage_check_node($storecfg, $target_sid, $target);
+ $rpcenv->check($authuser, "/storage/$target_sid", ['Datastore.AllocateSpace']);
+ my $scfg = PVE::Storage::storage_config($storecfg, $target_sid);
+ raise_param_exc({ targetstorage => "storage '$target_sid' does not support vm images"})
+ if !$scfg->{content}->{images};
+ };
+
my $storagemap = eval { PVE::JSONSchema::parse_idmap($targetstorage, 'pve-storage-id') };
raise_param_exc({ targetstorage => "failed to parse targetstorage map: $@" })
if $@;
+ $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk'])
+ if !defined($storagemap->{identity});
+
foreach my $source (keys %{$storagemap->{entries}}) {
- PVE::Storage::storage_check_node($storecfg, $storagemap->{entries}->{$source}, $target);
+ $check_storage->($storagemap->{entries}->{$source});
}
- PVE::Storage::storage_check_node($storecfg, $storagemap->{default}, $target)
+ $check_storage->($storagemap->{default})
if $storagemap->{default};
PVE::QemuServer::check_storage_availability($storecfg, $conf, $target)
--
2.20.1
More information about the pve-devel
mailing list