[pve-devel] [PATCH container] fix #3367: skip bind mounts when converting to template

Fabian Grünbichler f.gruenbichler at proxmox.com
Tue Jun 22 09:20:54 CEST 2021

On June 21, 2021 10:41 am, Wolfgang Bumiller wrote:
> On Tue, Apr 06, 2021 at 08:26:50AM +0200, Fabian Ebner wrote:
>> It turns out that we do not yet allow cloning from container templates with
>> bind mounts. So in a sense container templates with bind mounts are
>> currently misconfigured, and this patch would make it easier to get there...
>> Should I send a v2 with a patch making cloning from such templates possible,
>> or were there some concerns to not allow it in the first place? There is a
>>     # TODO: allow bind mounts?
>> comment in the clone API call.
> It's mostly that bind mounts are generally root-only.

maybe we should re-visit the idea of "admin-defined bind mounts" (or 
rather, "admin-defined bind mount SOURCES") that have ACLs, so that we 
can make them more accessible to regular users..

> Silently dropping them when converting to a template seems awkward, I'd
> rather have this throw an error, too.
> (Also remember that containers don't need to be templates to be cloned.)

More information about the pve-devel mailing list