[pve-devel] [PATCH container v4 25/27] api: add early check against restoring privileged container from external source

Fiona Ebner f.ebner at proxmox.com
Thu Nov 14 16:07:52 CET 2024


While restore_external_archive() already has a check, that happens
after an existing container is destroyed.

Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
---

No changes in v4.

 src/PVE/API2/LXC.pm | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index 213e518..dca0e35 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -39,6 +39,17 @@ BEGIN {
     }
 }
 
+my sub assert_not_restore_from_external {
+    my ($archive, $storage_cfg) = @_;
+
+    my ($storeid, undef) = PVE::Storage::parse_volume_id($archive, 1);
+
+    return if !defined($storeid);
+    return if !PVE::Storage::storage_has_feature($storage_cfg, $storeid, 'backup-provider');
+
+    die "refusing to restore privileged container backup from external source\n";
+}
+
 my $check_storage_access_migrate = sub {
     my ($rpcenv, $authuser, $storecfg, $storage, $node) = @_;
 
@@ -408,6 +419,9 @@ __PACKAGE__->register_method({
 			$conf->{unprivileged} = $orig_conf->{unprivileged}
 			    if !defined($unprivileged) && defined($orig_conf->{unprivileged});
 
+			assert_not_restore_from_external($archive, $storage_cfg)
+			    if !$conf->{unprivileged};
+
 			# implicit privileged change is checked here
 			if ($old_conf->{unprivileged} && !$conf->{unprivileged}) {
 			    $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Allocate']);
-- 
2.39.5





More information about the pve-devel mailing list