--- Begin Message ---
Hello,
> most tools have ways to exclude certain paths ;)
Yeah - and every time when this "need to be excluded datasets"
list/names changed we need to update exclude options for this tools as
well. It seems that just make this datasets not visible to host is
simpler,
This patch allows `get_subdir_files` to recursively call itself, so that
subdirectories of set depth can be searched. We allow searching for
isos, vztmpl and snippets but not backups.
As a security measure, when parsing a given path, parent
directories (`/../`) are forbidden.
The feature is
Tests now also test if traversing subdirectories works. That means
checking if:
- parent directories in paths are caught
- checking that nested files are found
- checking that files below the maximum depth set are not found
Signed-off-by: Noel Ullreich
---
test/filesystem_path_test.pm | 18
This patch fixes #623, allowing isos/vztmpl/snippets in subdirectories.
This feature is opt-in and can be set from the API, web interface or
with `pvesm`.
I addressed the security concerns raised by Fabian, now parent
directories in the path (i.e. `/my/path/../somewhere/`) are forbidded.
I have
When adding or editing a storage device in Datacenter->Storage in the
web interface, the subdirectory depth can be set in the advanced menu.
Signed-off-by: Noel Ullreich
---
www/manager6/storage/Base.js | 11 +++
1 file changed, 11 insertions(+)
diff --git
Add the `subdir-depth` to the filesystems that can hold
isos/vztmpl/snippets.
Signed-off-by: Noel Ullreich
---
PVE/Storage/CIFSPlugin.pm | 1 +
PVE/Storage/CephFSPlugin.pm| 1 +
PVE/Storage/DirPlugin.pm | 1 +
PVE/Storage/GlusterfsPlugin.pm | 1 +
PVE/Storage/NFSPlugin.pm |
Am 15.05.23 um 15:51 schrieb Fiona Ebner:
> I should also mention that I ran into a migration issue today where a
> guest crashed (inside the VM, QEMU itself seemed fine), because of I/O.
> Might be related to PBS backup, local disks and/or snapshots. Will need
> to debug and see if I can
comments inline for a few things i noticed right away
(this was no in-depth review...)
On 5/16/23 13:22, Wolfgang Bumiller wrote:
If we get an empty challenge, tell the user to contact an
administrator as it means no 2nd factors and no recovery
keys are available.
Currently if only 1 key was
If we get an empty challenge, tell the user to contact an
administrator as it means no 2nd factors and no recovery
keys are available.
Currently if only 1 key was available and it had a high ID,
we'd show something like: "Recovery keys available: 9,
Warning, less than 4 keys available."
Let's
Detect if a different allocator than glibc malloc is linked with LD_PRELOAD,
and call malloc_trim() only for glibc malloc
This patch is mostly copy/paste from haproxy
https://github.com/haproxy/haproxy/blob/master/src/pool.c
Signed-off-by: Alexandre Derumier
---
with memory allocator property
Signed-off-by: Alexandre Derumier
---
www/manager6/Makefile | 1 +
www/manager6/Utils.js | 13 +
www/manager6/form/TuningSelector.js | 41 +
www/manager6/qemu/Options.js| 14 ++
4
This patches series add support for tcmalloc allocator with a new optionnal
tuning option in qemu-server.
tcmalloc improve librbd performance by 30% in latency and iops.
some performance bench results:
malloc: 60k iops 4k randread
tcmalloc : 90k iops 4k randread
a qemu patch is provided, to
Add a new tuning option with allocator property.
Available values:
- Default is 'system', aka glibc malloc
- tcmalloc (improve performance ceph librbd)
Signed-off-by: Alexandre Derumier
---
PVE/QemuServer.pm | 35 +++
1 file changed, 35 insertions(+)
diff --git
Am 16/05/2023 um 11:09 schrieb Fabian Grünbichler:
> this were not entirely consistent and sometimes the checks were repeated.
>
> Signed-off-by: Fabian Grünbichler
> ---
> src/PVE/Firewall.pm | 17 -
> 1 file changed, 12 insertions(+), 5 deletions(-)
>
>
applied series,
this were not entirely consistent and sometimes the checks were repeated.
Signed-off-by: Fabian Grünbichler
---
src/PVE/Firewall.pm | 17 -
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index a16c035..5fa264a 100644
---
without this additional conditions, it's possible to break the firewall by
setting an ICMP-type value as dport for non-ICMP protocols, e.g. 'any' for
'tcp'.
by rejecting the invalid rule/parameter, the rest of the ruleset is still
applied properly, and the error messages are a lot more
16 matches
Mail list logo