[pve-devel] [PATCH v2 storage 1/6] pvesm: extract config: check for VM.Backup privilege

Fabian Ebner f.ebner at proxmox.com
Wed Mar 30 12:24:28 CEST 2022


In preparation to have check_volume_access() always allow access for
users with Datastore.Allocate privilege. As to not automatically give
all such users permission to extract the config too.

Signed-off-by: Fabian Ebner <f.ebner at proxmox.com>
---

New in v2.

 PVE/CLI/pvesm.pm | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/PVE/CLI/pvesm.pm b/PVE/CLI/pvesm.pm
index 190de91..1daed71 100755
--- a/PVE/CLI/pvesm.pm
+++ b/PVE/CLI/pvesm.pm
@@ -172,6 +172,11 @@ __PACKAGE__->register_method ({
 	my $storage_cfg = PVE::Storage::config();
 	PVE::Storage::check_volume_access($rpcenv, $authuser, $storage_cfg, undef, $volume);
 
+	if (PVE::Storage::parse_volume_id($volume, 1)) {
+	    my (undef, undef, $ownervm) = PVE::Storage::parse_volname($storage_cfg, $volume);
+	    $rpcenv->check($authuser, "/vms/$ownervm", ['VM.Backup']);
+	}
+
 	my $config_raw = PVE::Storage::extract_vzdump_config($storage_cfg, $volume);
 
 	print "$config_raw\n";
-- 
2.30.2






More information about the pve-devel mailing list