[pve-devel] [PATCH v2 container] fix #3313: recover unprivileged bit from old config during pct restore

Oguz Bektas o.bektas at proxmox.com
Tue Feb 23 13:29:36 CET 2021


since pct defaults to privileged containers, it restores the container
as privileged when `--unprivileged 1` is not passed.

instead we should check the old configuration and retrieve it
from there.

this way, when one creates an unprivileged container on GUI, it will be
still restored as unprivileged via pct (without having to pass
`--unprivileged 1` parameter)

Signed-off-by: Oguz Bektas <o.bektas at proxmox.com>
---
v1->v2:
* move the $is_root guard
* wrap line to make it shorter
* shorten comment
* use () around defined
* also check defined($orig_conf->{unprivileged})


 src/PVE/API2/LXC.pm | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index 8ce462f..3d3dbb0 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -352,7 +352,7 @@ __PACKAGE__->register_method({
 		my $orig_mp_param; # only used if $restore
 		if ($restore) {
 		    die "can't overwrite running container\n" if PVE::LXC::check_running($vmid);
-		    if ($is_root && $archive ne '-') {
+		    if ($archive ne '-') {
 			my $orig_conf;
 			print "recovering backed-up configuration from '$archive'\n";
 			($orig_conf, $orig_mp_param) = PVE::LXC::Create::recover_config($storage_cfg, $archive, $vmid);
@@ -361,7 +361,11 @@ __PACKAGE__->register_method({
 			# causing it to restore the raw lxc entries, among which there may be
 			# 'lxc.idmap' entries. We need to make sure that the extracted contents
 			# of the container match up with the restored configuration afterwards:
-			$conf->{lxc} = $orig_conf->{lxc};
+			$conf->{lxc} = $orig_conf->{lxc} if $is_root;
+
+			# make sure to retrieve the privilege level of container if not specified
+			$conf->{unprivileged} = $orig_conf->{unprivileged} if !defined($unprivileged)
+			    && defined($orig_conf->{unprivileged});
 		    }
 		}
 		if ($storage_only_mode) {
-- 
2.20.1





More information about the pve-devel mailing list