[pve-devel] [PATCH v2 guest-common 1/1] storage tunnel: check just-imported image files
Fabian Grünbichler
f.gruenbichler at proxmox.com
Mon Nov 4 11:42:19 CET 2024
remote migration requires elevated privileges already and can thus only be
triggered by trusted sources, but an additional safeguard of checking the image
for external references doesn't hurt.
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
Notes:
requires pve-storage change to actually have an effect
v2: fix issue with array context by storing path in its own variable (thanks Fiona)
src/PVE/StorageTunnel.pm | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/PVE/StorageTunnel.pm b/src/PVE/StorageTunnel.pm
index c880889..fa7889c 100644
--- a/src/PVE/StorageTunnel.pm
+++ b/src/PVE/StorageTunnel.pm
@@ -280,6 +280,14 @@ sub handle_query_disk_import {
delete $state->{sockets}->{$unix};
delete $state->{disk_import};
$state->{cleanup}->{volumes}->{$volid} = 1;
+ my $cfg = PVE::Storage::config();
+ my ($storage, $volume) = PVE::Storage::parse_volume_id($volid);
+ my $scfg = PVE::Storage::storage_config($cfg, $storage);
+ # check imported image for bad references
+ if ($scfg->{path}) {
+ my $path = PVE::Storage::path($cfg, $volid);
+ PVE::Storage::file_size_info($path, undef, 1);
+ }
return {
status => "complete",
volid => $volid,
--
2.39.5
More information about the pve-devel
mailing list