Signed-off-by: Fabian Ebner <f.eb...@proxmox.com>
---
For root@pam, the check is skipped in check_ct_modify_config_perm()
(everything is), but I didn't want to refactor the whole function
just for this...
src/PVE/API2/LXC.pm | 10 +++++++++-
src/PVE/LXC.pm | 9 ++++++++-
2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index 84712f7..ea4827f 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -283,7 +283,15 @@ __PACKAGE__->register_method({
$archive = '-';
die "restore from pipe requires rootfs parameter\n" if
!defined($param->{rootfs});
} else {
- PVE::Storage::check_volume_access($rpcenv, $authuser, $storage_cfg,
$vmid, $ostemplate);
+ my $content_type = $restore ? 'backup' : 'vztmpl';
+ PVE::Storage::check_volume_access(
+ $rpcenv,
+ $authuser,
+ $storage_cfg,
+ $vmid,
+ $ostemplate,
+ $content_type,
+ );
$archive = $ostemplate;
}
diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index b07d986..fe63087 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -1272,7 +1272,14 @@ sub check_ct_modify_config_perm {
my $sid = $1;
$rpcenv->check($authuser, "/storage/$sid",
['Datastore.AllocateSpace']);
} else {
- PVE::Storage::check_volume_access($rpcenv, $authuser,
$storage_cfg, $vmid, $volid);
+ PVE::Storage::check_volume_access(
+ $rpcenv,
+ $authuser,
+ $storage_cfg,
+ $vmid,
+ $volid,
+ 'rootdir',
+ );
}
} elsif ($opt eq 'memory' || $opt eq 'swap') {
$rpcenv->check_vm_perm($authuser, $vmid, $pool,
['VM.Config.Memory']);
--
2.30.2
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
