[pve-devel] [PATCH container/manager v2 0/2] add deny read/write options for device passthrough
Fiona Ebner
f.ebner at proxmox.com
Fri Sep 6 14:14:27 CEST 2024
Am 24.07.24 um 19:18 schrieb Filip Schauer:
> Add the deny_read and deny_write options for device passthrough, to
> restrict container access to devices.
>
> This allows for passing through a device in read-only mode without
> giving the container full access it.
>
> Up until now a container with a device passed through to it was granted
> full access to that device without an option to restrict that access as
> pointed out by @Fiona.
>
> Changes since v1:
> * set default values for deny_read & deny_write
> * remove the deny_read checkbox from the UI, since it is expected to
> only have a very niche use case.
>
We could also use dashes instead of underscores, i.e.
"deny-read"/"deny-write" as we often do for new properties.
Still not fully sure we need deny_read in the backend until somebody
complains with a sensible use case, but I guess it doesn't hurt if it's
already there.
In any case:
Reviewed-by: Fiona Ebner <f.ebner at proxmox.com>
Tested-by: Fiona Ebner <f.ebner at proxmox.com>
More information about the pve-devel
mailing list