[pve-devel] [PATCH v2 qemu-server 3/4] restore: sanitize config for non-root users

Thomas Lamprecht t.lamprecht at proxmox.com
Sun Apr 18 18:17:40 CEST 2021


On 18.03.21 10:44, Fabian Ebner wrote:
> by dropping privileged options for unprivileged users. For backwards
> compatibility for in-place restores, keep the option as long as the value didn't
> change.
> 
> Note that this softly "breaks" restoring a backup with such a privileged option
> under a new VM ID in the sense that the options won't be present in the new VM
> configuration. Restoring itself still works. Restoring containers already
> behaves similarly.
> 
> In a trusted environment, there cannot be any backups that were tampered with,
> but it's still worth adding such checks for resilience and future-proofing.
> 
> Reported-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
> Signed-off-by: Fabian Ebner <f.ebner at proxmox.com>
> ---
> 
> Changes from v1:
>     * don't capitalize warnings as much
>     * add tests
>     * add Reported-by tag
> 

waiting out this one for when we can apply it for 7.0, ideally we can define some
better node HW permissions (e.g., for PCI) then and improve this by allowing more
things to be restored as non-root while being safe.
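The sanitizing rule the quoted commit message describes, shown as an added Python example (it is not the qemu-server patch itself, which is Perl); the set of privileged options and the simplified `key: value` parser are assumptions for illustration:

```python
# Added example, not qemu-server code: sanitize a restored VM config for a
# non-root user. Privileged options are dropped, except that an in-place
# restore keeps an option whose value is unchanged in the existing config.

# Assumption: a placeholder set of root-only options (the real list is
# defined in qemu-server, e.g. PCI passthrough as mentioned in the thread).
PRIVILEGED_KEYS = {"hostpci0", "hostpci1", "args", "serial0"}


def parse_config(text):
    """Parse simplified 'key: value' lines into a dict (constructed format)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        conf[key.strip()] = value.strip()
    return conf


def sanitize_restored_config(new_conf, old_conf, is_root):
    """Return (sanitized config, warnings).

    new_conf: config read from the backup archive.
    old_conf: existing config of the VM being overwritten in place,
              or None when restoring under a fresh VM ID.
    """
    if is_root:
        return dict(new_conf), []
    result, warnings = {}, []
    for key, value in new_conf.items():
        if key not in PRIVILEGED_KEYS:
            result[key] = value
        elif old_conf is not None and old_conf.get(key) == value:
            # in-place restore with an unchanged value: keep it for
            # backwards compatibility, as the commit message describes
            result[key] = value
        else:
            warnings.append(f"skipping privileged option '{key}' for non-root user")
    return result, warnings


if __name__ == "__main__":
    # constructed sample configs
    backup = parse_config("cores: 2\nhostpci0: 0000:01:00.0\nargs: -x\nmemory: 1024")
    existing = parse_config("cores: 1\nhostpci0: 0000:01:00.0")
    print(sanitize_restored_config(backup, existing, is_root=False))
```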
