[pve-devel] [PATCH guest-common 1/1] storage tunnel: check just-imported image files
Fabian Grünbichler
f.gruenbichler at proxmox.com
Fri Aug 9 13:22:32 CEST 2024
remote migration requires elevated privileges already and can thus only be
triggered by trusted sources, but an additional safeguard of checking the image
for external references doesn't hurt.
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
Notes:
requires pve-storage change to actually have an effect
src/PVE/StorageTunnel.pm | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/PVE/StorageTunnel.pm b/src/PVE/StorageTunnel.pm
index c880889..21780bd 100644
--- a/src/PVE/StorageTunnel.pm
+++ b/src/PVE/StorageTunnel.pm
@@ -280,6 +280,13 @@ sub handle_query_disk_import {
delete $state->{sockets}->{$unix};
delete $state->{disk_import};
$state->{cleanup}->{volumes}->{$volid} = 1;
+ my $cfg = PVE::Storage::config();
+ my ($storage, $volume) = PVE::Storage::parse_volume_id($volid);
+ my $scfg = PVE::Storage::storage_config($cfg, $storage);
+ # check imported image for bad references
+ if ($scfg->{path}) {
+ PVE::Storage::file_size_info(PVE::Storage::path($cfg, $volid), undef, 1);
+ }
return {
status => "complete",
volid => $volid,
--
2.39.2
More information about the pve-devel
mailing list