> Simon LEONARD <git-1001...@sinux.sh> hat am 22.03.2025 19:05 CET geschrieben:
> I added the validify check for each key.
> 
> I'm not keen to allow only root@pam to change this setting, as it would 
> kill any attempt at automating the container creation via the API.
> But maybe it should be part of a permission?

it needs to be root-only at the moment, because it allows setting a lot
of things that only root is supposed to be able to do:

- various containment features (apparmor, ..)
- arbitrary mounts
- hooks
- ..

most of those don't have an associated privilege and would require
something like 'Sys.Root':

https://bugzilla.proxmox.com/show_bug.cgi?id=2582


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Reply via email to