On May 26, 2023 9:33 am, Alexandre Derumier wrote: > For proxmox 8, following the pve-manager patch serie > https://lists.proxmox.com/pipermail/pve-devel/2023-May/056970.html > > This patch serie add check of permissions for bridge/vnets access > (currently only at vm create/update, I'm note sureif they are other > places where it should be added) > > if user have access to a zone, it have access to all vnets + vnet vlans > if user have access to a vnet, it have access to the vnet + vnet vlans > if user have access to a specific vnet+vlan, it have access to the vlan only
the last part could be solved more elegantly IMHO by making tags children of vnets (and delegating the propagation the propagation bit of the ACL), see comments on individual patches. nit: if you send a single commit, no need for a cover letter - and then please include this information in the commit message, as series cover letters are not included once the patch is applied! > > Alexandre Derumier (1): > api2: add check_bridge_access for create/update vm > > PVE/API2/Qemu.pm | 37 ++++++++++++++++++++++++++++++++++++- > 1 file changed, 36 insertions(+), 1 deletion(-) > > -- > 2.30.2 > > > _______________________________________________ > pve-devel mailing list > pve-devel@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel > > > _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
