[pve-devel] [PATCH qemu-server 1/1] api2: add check_bridge_access for create/update vm

[Fabian Grünbichler]

On June 2, 2023 2:12 pm, DERUMIER, Alexandre wrote:
> Le vendredi 02 juin 2023 à 13:43 +0200, Fabian Grünbichler a écrit :
>> a few more places that come to my mind that might warrant further
>> thinking or discussion:
>> - restoring a backup
> doesn't it also use create_vm ?

yes, but the potentially problematic parameters are coming from the
backup in that case, not $param :) we do check the storage permissions
at least, if we view nics on bridges/vnet as being the same kind of
entity as volumes on storages than it would make sense to also check
vnet permissions there (PVE::QemuServer -> $parse_backup_hints , but
probably that is not the best place for network related checks ;))

> __PACKAGE__->register_method({
>     name => 'create_vm',
>     path => '',
>     method => 'POST',
>     description => "Create or restore a virtual machine.",
> 
> 
>> - cloning a VM
> 
> for cloning, we can't change the target bridge, so if user have access
> to the clone, isn't it enough ?

same as above - if we treat "volume on storage" and "nic in vnet" as
being equivalent, then cloning would also need to check whether I am
allowed to add new nics to a vnet via cloning (like we do for volumes,
even without a storage override set!). $check_storage_access_clone is
the current helper, a similar one could be added for nics.

note: we'd also need a similar patch for pve-container ;) but if you
want, I can handle that one once this series is done or almost done, the
current approach is guest-agnostic anyway so I don't expect any changes
required for container support.