[pve-devel] [PATCH container] fix #3313: recover unprivileged bit from old config during pct restore

Fabian Ebner f.ebner at proxmox.com
Tue Feb 23 08:22:43 CET 2021


Am 22.02.21 um 16:03 schrieb Oguz Bektas:
> since pct defaults to privileged containers, it restores the container
> as privileged when `--unprivileged 1` is not passed.
> 
> instead we should check the old configuration and retrieve it
> from there.
> 
> this way, when one creates an unprivileged container on GUI, it will be
> still restored as unprivileged via pct (without having to pass
> `--unprivileged 1` parameter)
> 
> Signed-off-by: Oguz Bektas <o.bektas at proxmox.com>
> ---
>   src/PVE/API2/LXC.pm | 4 ++++
>   1 file changed, 4 insertions(+)
> 
> diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
> index 8ce462f..4168a7c 100644
> --- a/src/PVE/API2/LXC.pm
> +++ b/src/PVE/API2/LXC.pm
> @@ -362,6 +362,10 @@ __PACKAGE__->register_method({
>   			# 'lxc.idmap' entries. We need to make sure that the extracted contents
>   			# of the container match up with the restored configuration afterwards:
>   			$conf->{lxc} = $orig_conf->{lxc};
> +
> +			# we also need to make sure the privileged/unprivileged bit is recovered
> +			# from the old config if the parameter is not passed
> +			$conf->{unprivileged} = $orig_conf->{unprivileged} if !defined $unprivileged && $orig_conf->{unprivileged};

This is guarded by a
     if ($is_root && $archive ne '-') {
but the unprivileged flag should be recovered for all users or am I 
missing something?

The existing $was_template logic probably shouldn't be guarded by 
$is_root either...

>   		    }
>   		}
>   		if ($storage_only_mode) {
> 





More information about the pve-devel mailing list