[pve-devel] [PATCH v2 container] fix #3313: recover unprivileged bit from old config during pct restore

[Oguz Bektas]

since pct defaults to privileged containers, it restores the container
as privileged when `--unprivileged 1` is not passed.

instead we should check the old configuration and retrieve it
from there.

this way, when one creates an unprivileged container on GUI, it will be
still restored as unprivileged via pct (without having to pass
`--unprivileged 1` parameter)

Signed-off-by: Oguz Bektas <o.bektas at proxmox.com>
---
v1->v2:
* move the $is_root guard
* wrap line to make it shorter
* shorten comment
* use () around defined
* also check defined($orig_conf->{unprivileged})


 src/PVE/API2/LXC.pm | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index 8ce462f..3d3dbb0 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -352,7 +352,7 @@ __PACKAGE__->register_method({
 		my $orig_mp_param; # only used if $restore
 		if ($restore) {
 		    die "can't overwrite running container\n" if PVE::LXC::check_running($vmid);
-		    if ($is_root && $archive ne '-') {
+		    if ($archive ne '-') {
 			my $orig_conf;
 			print "recovering backed-up configuration from '$archive'\n";
 			($orig_conf, $orig_mp_param) = PVE::LXC::Create::recover_config($storage_cfg, $archive, $vmid);
@@ -361,7 +361,11 @@ __PACKAGE__->register_method({
 			# causing it to restore the raw lxc entries, among which there may be
 			# 'lxc.idmap' entries. We need to make sure that the extracted contents
 			# of the container match up with the restored configuration afterwards:
-			$conf->{lxc} = $orig_conf->{lxc};
+			$conf->{lxc} = $orig_conf->{lxc} if $is_root;
+
+			# make sure to retrieve the privilege level of container if not specified
+			$conf->{unprivileged} = $orig_conf->{unprivileged} if !defined($unprivileged)
+			    && defined($orig_conf->{unprivileged});
 		    }
 		}
 		if ($storage_only_mode) {
-- 
2.20.1