[pve-devel] [PATCH container v2 0/1] close #1543: allow low-level lxc config
Fabian Grünbichler
f.gruenbichler at proxmox.com
Mon Mar 24 16:01:19 CET 2025
> Simon LEONARD <git-1001af4 at sinux.sh> hat am 22.03.2025 19:05 CET geschrieben:
> I added the validify check for each key.
>
> I'm not keen to allow only root at pam to change this setting, as it would
> kill any attempt at automating the container creation via the API.
> But maybe it should be part of a permission?
it needs to be root-only at the moment, because it allows setting a lot
of things that only root is supposed to be able to do:
- various containment features (apparmor, ..)
- arbitrary mounts
- hooks
- ..
most of those don't have an associated privilege and would require
something like 'Sys.Root':
https://bugzilla.proxmox.com/show_bug.cgi?id=2582
More information about the pve-devel
mailing list