[pve-devel] [PATCH container v2 2/2] restore: also remove firewall config after failed restore

Daniel Tschlatscher d.tschlatscher at proxmox.com
Tue Nov 29 15:00:19 CET 2022


Before, a failed restore would only remove the container config, but
the firewall config would remain.
Now, the firewall config is also removed, except for the case when the
user only has the VM.Backup permission. In this case the firewall
would not have been restored/changed by us and is left as is.

Signed-off-by: Daniel Tschlatscher <d.tschlatscher at proxmox.com>
---
Changes from v1:
* Moved into destroy_config_on_error check

 src/PVE/API2/LXC.pm | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index f2113de..50c9eaf 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -499,6 +499,11 @@ __PACKAGE__->register_method({
 		if ($destroy_config_on_error) {
 		    eval { PVE::LXC::Config->destroy_config($vmid) };
 		    warn $@ if $@;
+
+		    if (!$skip_fw_config_restore) { # Only if user has permission to change the fw
+			PVE::Firewall::remove_vmfw_conf($vmid);
+			warn $@ if $@;
+		    }
 		}
 		die "$emsg $err";
 	    }
-- 
2.30.2






More information about the pve-devel mailing list