[pve-devel] [PATCH container] fix #3635: fix pool permission checks on create
Mira Limbeck
m.limbeck at proxmox.com
Tue Feb 8 14:22:13 CET 2022
On 10/22/21 08:44, Dominik Csapak wrote:
> we do not need Permissions.Modify on the pool, so remove it like
> we did in
>
> qemu-server 4fc5242 ("fix pool permission checks on create")
>
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
> src/PVE/API2/LXC.pm | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
> index 69df366..0ae67a1 100644
> --- a/src/PVE/API2/LXC.pm
> +++ b/src/PVE/API2/LXC.pm
> @@ -233,7 +233,6 @@ __PACKAGE__->register_method({
> my $pool = extract_param($param, 'pool');
> if (defined($pool)) {
> $rpcenv->check_pool_exist($pool);
> - $rpcenv->check_perm_modify($authuser, "/pool/$pool");
> }
>
> if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {
Works when no Permissions.Modify and no Pool.Allocate permission is set.
So consider this:
Tested-by: Mira Limbeck <m.limbeck at proxmox.com>
More information about the pve-devel
mailing list