Superseded by:
https://lists.proxmox.com/pipermail/pve-devel/2024-September/065282.html
On 06/09/2024 19:01, Thomas Lamprecht wrote:
Am 06/09/2024 um 14:14 schrieb Fiona Ebner:
Am 24.07.24 um 19:18 schrieb Filip Schauer:
Add the deny_read and deny_write options for device passthrough, to
restrict container access to devices.
This allows for passing through a device in read-only mode without
giving the container full access it.
Up until now a container with a device passed through to it was granted
full access to that device without an option to restrict that access as
pointed out by @Fiona.
Changes since v1:
* set default values for deny_read & deny_write
* remove the deny_read checkbox from the UI, since it is expected to
only have a very niche use case.
We could also use dashes instead of underscores, i.e.
"deny-read"/"deny-write" as we often do for new properties.
Still not fully sure we need deny_read in the backend until somebody
complains with a sensible use case, but I guess it doesn't hurt if it's
already there.
+1 to all above, I think going just with a deny-write option should
be enough for now, let's wait for an actual deny-read use-case before
adding it.
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
