[pve-devel] [PATCH container v2 0/1] close #1543: allow low-level lxc config

Fabian Grünbichler f.gruenbichler at proxmox.com
Mon Mar 24 16:01:19 CET 2025


> Simon LEONARD <git-1001af4 at sinux.sh> hat am 22.03.2025 19:05 CET geschrieben:
> I added the validify check for each key.
> 
> I'm not keen to allow only root at pam to change this setting, as it would 
> kill any attempt at automating the container creation via the API.
> But maybe it should be part of a permission?

it needs to be root-only at the moment, because it allows setting a lot
of things that only root is supposed to be able to do:

- various containment features (apparmor, ..)
- arbitrary mounts
- hooks
- ..

most of those don't have an associated privilege and would require
something like 'Sys.Root':

https://bugzilla.proxmox.com/show_bug.cgi?id=2582




More information about the pve-devel mailing list