[pve-devel] [PATCH container 1/2] add deny read/write options for device passthrough
Fiona Ebner
f.ebner at proxmox.com
Wed Jul 24 12:20:04 CEST 2024
On 29.04.24 at 15:15, Filip Schauer wrote:
> Add the deny_read and deny_write options for device passthrough, to
> restrict container access to devices.
>
> Signed-off-by: Filip Schauer <f.schauer at proxmox.com>
Reviewed-by: Fiona Ebner <f.ebner at proxmox.com>
> diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
> index 1664a35..5db9181 100644
> --- a/src/PVE/LXC/Config.pm
> +++ b/src/PVE/LXC/Config.pm
> @@ -962,6 +962,16 @@ my $dev_desc = {
> minimum => 0,
> description => 'Group ID to be assigned to the device node',
> },
> + deny_read => {
> + optional => 1,
> + type => 'boolean',
> + description => 'Deny the container to read from the device',
> + },
> + deny_write => {
> + optional => 1,
> + type => 'boolean',
> + description => 'Deny the container to write to the device',
Nit: missing default for both
> + },
> };
>
> for (my $i = 0; $i < $MAX_DEVICES; $i++) {
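Review bot: The descriptions for deny_read and deny_write in $dev_desc do not say what happens when both are set, nor how the restriction relates to the ownership configured by the entry just above ('Group ID to be assigned to the device node'). Since these options restrict access, the description should state whether the denial applies regardless of the device node's ownership. The wording 'Deny the container to read from the device' would also read better as 'Deny the container read access to the device', and likewise for write. Both entries also lack a default, as already noted in the reply.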