Am 10.02.25 um 14:56 schrieb Fiona Ebner: > Remote migration via API will be invoked under Perl's '-T' switch to > detect tainted input used in commands. For remote migration, the > bandwidth limit from the remote side would be such tainted input. This > would lead to failure for offline disk migration when the target > node's bandwidth limit is stricter when invoking the 'pvesm export' > command: > >> command 'set -o pipefail && pvesm export rbd:vm-400-disk-0 \ >> raw+size - -with-snapshots 0 | /usr/bin/cstream -t 307232768' \ >> failed: Insecure dependency in exec while running with -T switch > > Untaint the value to fix the issue. Note that the schema for the > bandwidth limits in datacenter.cfg and storage.cfg allows fractional > values. > > Avoid re-using the same variable for both, the reply from the remote > (which is a hash) and the actual remote bandwidth limit. This also > makes it possible to use the "assign regex match or die" pattern while > accessing the original value in the error message. > > Signed-off-by: Fiona Ebner <f.eb...@proxmox.com> > --- > src/PVE/AbstractMigrate.pm | 11 ++++++++--- > 1 file changed, 8 insertions(+), 3 deletions(-) > >
applied, thanks! _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
