> Simon LEONARD <git-1001...@sinux.sh> hat am 22.03.2025 19:05 CET geschrieben: > I added the validify check for each key. > > I'm not keen to allow only root@pam to change this setting, as it would > kill any attempt at automating the container creation via the API. > But maybe it should be part of a permission?
it needs to be root-only at the moment, because it allows setting a lot of things that only root is supposed to be able to do: - various containment features (apparmor, ..) - arbitrary mounts - hooks - .. most of those don't have an associated privilege and would require something like 'Sys.Root': https://bugzilla.proxmox.com/show_bug.cgi?id=2582 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel