Am 29.04.24 um 15:15 schrieb Filip Schauer:
> Add the deny_read and deny_write options for device passthrough, to
> restrict container access to devices.
>
> Signed-off-by: Filip Schauer <f.scha...@proxmox.com>
Reviewed-by: Fiona Ebner <f.eb...@proxmox.com>
> diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
> index 1664a35..5db9181 100644
> --- a/src/PVE/LXC/Config.pm
> +++ b/src/PVE/LXC/Config.pm
> @@ -962,6 +962,16 @@ my $dev_desc = {
> minimum => 0,
> description => 'Group ID to be assigned to the device node',
> },
> + deny_read => {
> + optional => 1,
> + type => 'boolean',
> + description => 'Deny the container to read from the device',
> + },
> + deny_write => {
> + optional => 1,
> + type => 'boolean',
> + description => 'Deny the container to write to the device',
Nit: missing default for both
> + },
> };
>
> for (my $i = 0; $i < $MAX_DEVICES; $i++) {
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
