Am 18.11.24 um 10:02 schrieb Stefan Hanreich: > Depends on if you consider a database of all assigned IPs inside the > cluster as sensitive information, iirc we erred on the side of caution > in this case and stored it in /etc/pve/priv.
We briefly talked off-list about that, but I think it might be worth to state this on the list too: Its sensitive information as in "let's not make that broadly available via the API to unprivileged users" not secrets that can be used to access third party systems or break encryption, thus let's be extra vigilant to hedge against the case where a non-root user/process gets taken over. As /etc/pve/priv is for the latter, not the former; as else we would need to also move most configs in there too. I'll take a short look if it's easily possible to add a sane migration path at pmxcfs level, handling this transparently, otherwise we'll have to add some compat handling at higher levels. Korrigieren Schließen Rechtschreibung Possible spelling mistake found. EveevepiePVPVCIgnorieren _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
