[pve-devel] [PATCH container/manager v2 0/2] add deny read/write options for device passthrough

Filip Schauer f.schauer at proxmox.com
Wed Jul 24 19:18:55 CEST 2024


Add the deny_read and deny_write options for device passthrough, to
restrict container access to devices.

This allows for passing through a device in read-only mode without
giving the container full access it.

Up until now a container with a device passed through to it was granted
full access to that device without an option to restrict that access as
pointed out by @Fiona.

Changes since v1:
* set default values for deny_read & deny_write
* remove the deny_read checkbox from the UI, since it is expected to
  only have a very niche use case.

pve-container:

Filip Schauer (1):
  add deny read/write options for device passthrough

 src/PVE/LXC.pm        | 13 ++++++++++++-
 src/PVE/LXC/Config.pm | 12 ++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)


pve-manager:

Filip Schauer (1):
  ui: lxc: add readonly option for device passthrough

 www/manager6/lxc/DeviceEdit.js | 8 ++++++++
 1 file changed, 8 insertions(+)


Summary over all repositories:
  3 files changed, 32 insertions(+), 1 deletions(-)

-- 
Generated by git-murpp 0.6.0




More information about the pve-devel mailing list