remote migration requires elevated privileges already and can thus only be
triggered by trusted sources, but an additional safeguard of checking the image
for external references doesn't hurt.

Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com>
---

Notes:
    requires pve-storage change to actually have an effect

 src/PVE/StorageTunnel.pm | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/PVE/StorageTunnel.pm b/src/PVE/StorageTunnel.pm
index c880889..21780bd 100644
--- a/src/PVE/StorageTunnel.pm
+++ b/src/PVE/StorageTunnel.pm
@@ -280,6 +280,13 @@ sub handle_query_disk_import {
        delete $state->{sockets}->{$unix};
        delete $state->{disk_import};
        $state->{cleanup}->{volumes}->{$volid} = 1;
+       my $cfg = PVE::Storage::config();
+       my ($storage, $volume) = PVE::Storage::parse_volume_id($volid);
+       my $scfg = PVE::Storage::storage_config($cfg, $storage);
+       # check imported image for bad references
+       if ($scfg->{path}) {
+           PVE::Storage::file_size_info(PVE::Storage::path($cfg, $volid), 
undef, 1);
+       }
        return {
            status => "complete",
            volid => $volid,
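Review bot: The return value of `PVE::Storage::file_size_info(...)` in the added block is discarded, so the check only rejects an image if that call dies on a bad reference. A comment saying so, and naming what the third argument `1` turns on, would make the intent clear, especially as the notes say the change has no effect without the pve-storage side. The `if ($scfg->{path})` guard also means a volume on a storage without a `path` is reported as `complete` with no check at all; if that is intended, the comment or commit message should say so. `$volume` from `parse_volume_id` is never used in these lines, so `my ($storage) = PVE::Storage::parse_volume_id($volid);` would be enough.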
-- 
2.39.2



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
