[pve-devel] [PATCH container/manager v2 0/2] add deny read/write options for device passthrough
Thomas Lamprecht
t.lamprecht at proxmox.com
Fri Sep 6 19:01:24 CEST 2024
Am 06/09/2024 um 14:14 schrieb Fiona Ebner:
> Am 24.07.24 um 19:18 schrieb Filip Schauer:
>> Add the deny_read and deny_write options for device passthrough, to
>> restrict container access to devices.
>>
>> This allows for passing through a device in read-only mode without
>> giving the container full access it.
>>
>> Up until now a container with a device passed through to it was granted
>> full access to that device without an option to restrict that access as
>> pointed out by @Fiona.
>>
>> Changes since v1:
>> * set default values for deny_read & deny_write
>> * remove the deny_read checkbox from the UI, since it is expected to
>> only have a very niche use case.
>>
>
> We could also use dashes instead of underscores, i.e.
> "deny-read"/"deny-write" as we often do for new properties.
>
> Still not fully sure we need deny_read in the backend until somebody
> complains with a sensible use case, but I guess it doesn't hurt if it's
> already there.
+1 to all above, I think going just with a deny-write option should
be enough for now, let's wait for an actual deny-read use-case before
adding it.
More information about the pve-devel
mailing list