[pve-devel] [PATCH container] fix #3635: fix pool permission checks on create

Mira Limbeck m.limbeck at proxmox.com
Tue Feb 8 14:22:13 CET 2022


On 10/22/21 08:44, Dominik Csapak wrote:
> we do not need Permissions.Modify on the pool, so remove it like
> we did in
>
> qemu-server 4fc5242 ("fix pool permission checks on create")
>
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
>   src/PVE/API2/LXC.pm | 1 -
>   1 file changed, 1 deletion(-)
>
> diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
> index 69df366..0ae67a1 100644
> --- a/src/PVE/API2/LXC.pm
> +++ b/src/PVE/API2/LXC.pm
> @@ -233,7 +233,6 @@ __PACKAGE__->register_method({
>   	my $pool = extract_param($param, 'pool');
>   	if (defined($pool)) {
>   	    $rpcenv->check_pool_exist($pool);
> -	    $rpcenv->check_perm_modify($authuser, "/pool/$pool");
>   	}
>   
>   	if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {

Works when no Permissions.Modify and no Pool.Allocate permission is set.
So consider this:

Tested-by: Mira Limbeck <m.limbeck at proxmox.com>





More information about the pve-devel mailing list