[pve-devel] [PATCH pve-common] inotify: interfaces: also set type 'bridge' for empty bridges
Fabian Grünbichler
f.gruenbichler at proxmox.com
Fri Aug 8 11:21:31 CEST 2025
On August 8, 2025 10:58 am, Hannes Laimer wrote:
> On 08.08.25 10:40, Fabian Grünbichler wrote:
>> On August 7, 2025 4:21 pm, Hannes Laimer wrote:
>>> If a bridge has `bridge_ports` set to `none` we just skip the field.
>>> Later we use the existance of the field to determine whether the type
>>> should be `bridge`. This led to bridges without `bridge_ports` not
>>> being recognized as bridges.
>>>
>>> In the `/nodes/{}/network` we do permissions checks but only for ifaces
>>> with type `bridge`(or `OVSBridge`). So interfaces were returned by the
>>> endpoint even if the user did not have permissions the correct
>>> permissions because the interface did not have type `bridge`.
>>>
>>> This fixes this by also setting the type to `bridge` for empty bridges.
>>>
>>> Signed-off-by: Hannes Laimer <h.laimer at proxmox.com>
>>> ---
>>
[..]
>> do we also need special handling of "empty" bonds (which make less sense
>> in practice, but might still exist?) - in particular if we ever plan on
>> dropping the naming restrictions there?
>>
>
> we allow something like this
> ```
> auto bond0
> iface bond0 inet manual
> bond-slaves none
> bond-miimon 100
> bond-mode balance-rr
> ```
> to be set (even through the UI), but it does trip up `ifreload`. I think
> we should at least not allow setting `bond_slaves none` through the UI.
not sure if somebody might use this as an intermediate state (without
applying)?
as in, remove bond port A (bond has no ports), add port A to other bond,
remove port B from other bond, add port B to this bond, apply?
IIRC we don't allow ports to be shared in multiple devices..
More information about the pve-devel
mailing list