[pve-devel] applied: [PATCH qemu-server] api: update: also check access for currently configured bridge
Fabian Grünbichler
f.gruenbichler at proxmox.com
Wed Jul 19 12:22:49 CEST 2023
On July 17, 2023 9:15 am, Fiona Ebner wrote:
> Relevant when modifying or removing an existing network device.
>
> Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
> ---
> PVE/API2/Qemu.pm | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
> index 59307133..fd718f93 100644
> --- a/PVE/API2/Qemu.pm
> +++ b/PVE/API2/Qemu.pm
> @@ -1792,6 +1792,13 @@ my $update_vm_api = sub {
> assert_tag_permissions($vmid, $val, '', $rpcenv, $authuser);
> delete $conf->{$opt};
> PVE::QemuConfig->write_config($vmid, $conf);
> + } elsif ($opt =~ m/^net\d+$/) {
> + if ($conf->{$opt}) {
> + PVE::QemuServer::check_bridge_access(
> + $rpcenv, $authuser, { $opt => $conf->{$opt} });
> + }
> + PVE::QemuConfig->add_to_pending_delete($conf, $opt, $force);
> + PVE::QemuConfig->write_config($vmid, $conf);
> } else {
> PVE::QemuConfig->add_to_pending_delete($conf, $opt, $force);
> PVE::QemuConfig->write_config($vmid, $conf);
> @@ -1860,6 +1867,12 @@ my $update_vm_api = sub {
> } elsif ($opt eq 'tags') {
> assert_tag_permissions($vmid, $conf->{$opt}, $param->{$opt}, $rpcenv, $authuser);
> $conf->{pending}->{$opt} = PVE::GuestHelpers::get_unique_tags($param->{$opt});
> + } elsif ($opt =~ m/^net\d+$/) {
> + if ($conf->{$opt}) {
> + PVE::QemuServer::check_bridge_access(
> + $rpcenv, $authuser, { $opt => $conf->{$opt} });
> + }
> + $conf->{pending}->{$opt} = $param->{$opt};
> } else {
> $conf->{pending}->{$opt} = $param->{$opt};
>
> --
> 2.39.2
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
>
More information about the pve-devel
mailing list