On 18.03.21 10:44, Fabian Ebner wrote:
> by dropping privileged options for unprivileged users. For backwards
> compatibility for in-place restores, keep the option as long as the value
> didn't change.
>
> Note that this softly "breaks" restoring a backup with such a privileged
> option under a new VM ID in the sense that the options won't be present in
> the new VM configuration. Restoring itself still works. Restoring containers
> already behaves similarly.
>
> In a trusted environment, there cannot be any backups that were tampered
> with, but it's still worth adding such checks for resilience and
> future-proofing.
>
> Reported-by: Fabian Grünbichler <f.gruenbich...@proxmox.com>
> Signed-off-by: Fabian Ebner <f.eb...@proxmox.com>
> ---
>
> Changes from v1:
> * don't capitalize warnings as much
> * add tests
> * add Reported-by tag
>
waiting out this one for when we can apply it for 7.0, ideally we can define some better node HW permissions (e.g., for PCI) then and improve this by allowing more things to be restored as non-root while being safe.