since many modern containers need the nesting feature to work properly
(thanks systemd...), we add a checkbox that is on by default
(and disables with unprivileged, since nested privileged containers
are not very secure)
to do that, we first have to loosen the nesting constraints in the api
a bit. we do that by allowing to set that for unprivileged containers
when the user has the 'VM.Allocate' privilege.
(just to note: a user with that right can also create privileged
containers, but could not enable nesting for them)
pve-container:
Dominik Csapak (2):
add old config and unprivileged to check_ct_modify_config_perm
allow nesting to be changed for VM.Allocate on unprivileged containers
src/PVE/API2/LXC.pm | 6 +++--
src/PVE/API2/LXC/Config.pm | 9 +++++---
src/PVE/LXC.pm | 45 +++++++++++++++++++++++++++++++++++---
3 files changed, 52 insertions(+), 8 deletions(-)
pve-manager:
Dominik Csapak (2):
ui: lxc/Options: allow opening features window for VM.Allocate
ui: lxc/CreateWizard: add a 'nesting' checkbox and enable it by
default
www/manager6/lxc/CreateWizard.js | 10 ++++++++++
www/manager6/lxc/Options.js | 2 +-
2 files changed, 11 insertions(+), 1 deletion(-)
--
2.30.2
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
