[pve-devel] [PATCH container 3/3] migration: require Sys.Modify for incoming privileged containers
Fabian Grünbichler
f.gruenbichler at proxmox.com
Wed Jul 30 17:00:12 CEST 2025
an incoming remote migration is akin to a container creation, so treat it the same.
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
src/PVE/API2/LXC.pm | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index 951b1c7..2574739 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -3036,6 +3036,7 @@ __PACKAGE__->register_method({
unprivileged => $unprivileged,
arch => $arch,
};
+ $rpcenv->check($authuser, '/', ['Sys.Modify']) if !$unprivileged;
PVE::LXC::check_ct_modify_config_perm(
$rpcenv,
$authuser,
--
2.39.5
More information about the pve-devel
mailing list