[pve-devel] [PATCH manager 2/2] pve7to8: add check for dropped Permissions.Modify
Fabian Grünbichler
f.gruenbichler at proxmox.com
Tue Jun 13 13:50:24 CEST 2023
as a warning only - depending on desired privileges, no action might be
necessary.
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
PVE/CLI/pve7to8.pm | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/PVE/CLI/pve7to8.pm b/PVE/CLI/pve7to8.pm
index 7dc66499a..82441b0f8 100644
--- a/PVE/CLI/pve7to8.pm
+++ b/PVE/CLI/pve7to8.pm
@@ -695,7 +695,7 @@ sub check_cifs_credential_location {
}
sub check_custom_pool_roles {
- log_info("Checking custom role IDs for clashes with new 'PVE' namespace..");
+ log_info("Checking permission system changes..");
if (! -f "/etc/pve/user.cfg") {
log_skip("user.cfg does not exist");
@@ -731,9 +731,17 @@ sub check_custom_pool_roles {
foreach my $priv (split_list($privlist)) {
$roles->{$role}->{$priv} = 1;
}
+ } elsif ($et eq 'acl') {
+ my ($propagate, $pathtxt, $uglist, $rolelist) = @data;
+ foreach my $role (split_list($rolelist)) {
+ if ($role eq 'PVESysAdmin' || $role eq 'PVEAdmin') {
+ log_warn("found ACL entry on '$pathtxt' for '$uglist' with role '$role' - this role will no longer have 'Permissions.Modify' after the upgrade!");
+ }
+ }
}
}
+ log_info("Checking custom role IDs for clashes with new 'PVE' namespace..");
my ($custom_roles, $pve_namespace_clashes) = (0, 0);
for my $role (sort keys %{$roles}) {
next if PVE::AccessControl::role_is_special($role);
--
2.39.2
More information about the pve-devel
mailing list