[pve-devel] [PATCH container] fix #3313: recover unprivileged bit from old config during pct restore

Thomas Lamprecht t.lamprecht at proxmox.com
Tue Feb 23 10:00:33 CET 2021


On 22.02.21 16:03, Oguz Bektas wrote:
> since pct defaults to privileged containers, it restores the container
> as privileged when `--unprivileged 1` is not passed.
> 
> instead we should check the old configuration and retrieve it
> from there.
> 
> this way, when one creates an unprivileged container on GUI, it will be
> still restored as unprivileged via pct (without having to pass
> `--unprivileged 1` parameter)
> 

some comments on top of Fabis review (thanks for that!)

> Signed-off-by: Oguz Bektas <o.bektas at proxmox.com>
> ---
>  src/PVE/API2/LXC.pm | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
> index 8ce462f..4168a7c 100644
> --- a/src/PVE/API2/LXC.pm
> +++ b/src/PVE/API2/LXC.pm
> @@ -362,6 +362,10 @@ __PACKAGE__->register_method({
>  			# 'lxc.idmap' entries. We need to make sure that the extracted contents
>  			# of the container match up with the restored configuration afterwards:
>  			$conf->{lxc} = $orig_conf->{lxc};
> +
> +			# we also need to make sure the privileged/unprivileged bit is recovered
> +			# from the old config if the parameter is not passed


also shorten the comment when sending a v2, either omit it as its clear what happens
and this is not a manual edge case like "lxc" (which is not handled by our API).
If use a short "ensure to restore privileged level if not overwritten", but its just
redundant..


> +			$conf->{unprivileged} = $orig_conf->{unprivileged} if !defined $unprivileged && $orig_conf->{unprivileged};

1. seems like a pretty long line, is this under the 100 cc max?

2. should the check be: !defined($unprivileged) && defined($orig_conf->{unprivileged});

3. nit: we normally use parentheses for defined()


>  		    }
>  		}
>  		if ($storage_only_mode) {
> 






More information about the pve-devel mailing list