since these can only be added as root to existing containers,
and might be dangerous.
---
 src/PVE/API2/LXC.pm   |  2 +-
 src/PVE/LXC/Create.pm | 12 +++++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index 83afd56..15ebb87 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -383,7 +383,7 @@ __PACKAGE__->register_method({
                    PVE::LXC::Create::restore_archive($archive, $rootdir, 
$conf, $ignore_unpack_errors);
 
                    if ($restore) {
-                       PVE::LXC::Create::restore_configuration($vmid, 
$rootdir, $conf);
+                       PVE::LXC::Create::restore_configuration($vmid, 
$rootdir, $conf, $authuser ne 'root@pam');
                    } else {
                        my $lxc_setup = PVE::LXC::Setup->new($conf, $rootdir); 
# detect OS
                        PVE::LXC::Config->write_config($vmid, $conf); # safe 
config (after OS detection)
diff --git a/src/PVE/LXC/Create.pm b/src/PVE/LXC/Create.pm
index aea6ad3..eea4630 100644
--- a/src/PVE/LXC/Create.pm
+++ b/src/PVE/LXC/Create.pm
@@ -102,7 +102,7 @@ sub recover_config {
 }
 
 sub restore_configuration {
-    my ($vmid, $rootdir, $conf) = @_;
+    my ($vmid, $rootdir, $conf, $restricted) = @_;
 
     # restore: try to extract configuration from archive
 
@@ -117,6 +117,16 @@ sub restore_configuration {
            next if $key eq 'digest' || $key eq 'rootfs' || $key eq 'snapshots' 
|| $key eq 'unprivileged' || $key eq 'parent';
            next if $key =~ /^mp\d+$/; # don't recover mountpoints
            next if $key =~ /^unused\d+$/; # don't recover unused disks
+           if ($restricted && $key eq 'lxc') {
+               warn "skipping custom lxc options, restore manually as root:\n";
+               warn "--------------------------------\n";
+               my $lxc_list = $oldconf->{'lxc'};
+               foreach my $lxc_opt (@$lxc_list) {
+                   warn "$lxc_opt->[0]: $lxc_opt->[1]\n"
+               }
+               warn "--------------------------------\n";
+               next;
+           }
            $conf->{$key} = $oldconf->{$key} if !defined($conf->{$key});
        }
        unlink($pct_cfg_fn);
-- 
2.1.4


_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Reply via email to