restore: correctly handle fw config from archive

and skip restoring it if the user only has VM.Backup permissions, the
contained config file is a symlink, or if it is empty.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index cf14d75d93355137ae6672d94566389dca1567f2..26c4f8800a8cf4e60c5a2be370463a4c08fe1e56 100644 (file)
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -206,6 +206,9 @@ __PACKAGE__->register_method({
        my $restore = extract_param($param, 'restore');
        my $unique = extract_param($param, 'unique');
 
+       # used to skip firewall config restore if user lacks permission
+       my $skip_fw_config_restore = 0;
+
        if ($restore) {
            # fixme: limit allowed parameters
        }
@@ -237,6 +240,10 @@ __PACKAGE__->register_method({
        } elsif ($restore && $force && $same_container_exists &&
                 $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) {
            # OK: user has VM.Backup permissions, and want to restore an existing VM
+
+           # we don't want to restore a container-provided FW conf in this case
+           # since the user is lacking permission to configure the container's FW
+           $skip_fw_config_restore = 1;
        } else {
            raise_perm_exc();
        }
@@ -407,7 +414,7 @@ __PACKAGE__->register_method({
                    PVE::LXC::Create::restore_archive($archive, $rootdir, $conf, $ignore_unpack_errors, $bwlimit);
 
                    if ($restore) {
-                       PVE::LXC::Create::restore_configuration($vmid, $rootdir, $conf, !$is_root, $unique);
+                       PVE::LXC::Create::restore_configuration($vmid, $rootdir, $conf, !$is_root, $unique, $skip_fw_config_restore);
                    } else {
                        my $lxc_setup = PVE::LXC::Setup->new($conf, $rootdir); # detect OS
                        PVE::LXC::Config->write_config($vmid, $conf); # safe config (after OS detection)

diff --git a/src/PVE/LXC/Create.pm b/src/PVE/LXC/Create.pm
index ee83052a3d454298f63c48c2501c19b0aa843261..a46a50c268e3222f3c1a9ff4028c611975e09964 100644 (file)
--- a/src/PVE/LXC/Create.pm
+++ b/src/PVE/LXC/Create.pm
@@ -157,7 +157,7 @@ sub recover_config {
 }
 
 sub restore_configuration {
-    my ($vmid, $rootdir, $conf, $restricted, $unique) = @_;
+    my ($vmid, $rootdir, $conf, $restricted, $unique, $skip_fw) = @_;
 
     # restore: try to extract configuration from archive
 
@@ -202,10 +202,21 @@ sub restore_configuration {
        }
        unlink($pct_cfg_fn);
 
-       if (-f $pct_fwcfg_fn) {
+       # note: this file is possibly from the container itself in backups
+       # created prior to pve-container 2.0-40 (PVE 5.x) / 3.0-5 (PVE 6.x)
+       # only copy non-empty, non-symlink files, and only if the user is
+       # allowed to modify the firewall config anyways
+       if (-f $pct_fwcfg_fn && ! -l $pct_fwcfg_fn && -s $pct_fwcfg_fn) {
            my $pve_firewall_dir = '/etc/pve/firewall';
-           mkdir $pve_firewall_dir; # make sure the directory exists
-           PVE::Tools::file_copy($pct_fwcfg_fn, "${pve_firewall_dir}/$vmid.fw");
+           my $pct_fwcfg_target = "${pve_firewall_dir}/${vmid}.fw";
+           if ($skip_fw) {
+               warn "ignoring firewall config from backup archive's '$pct_fwcfg_fn', lacking API permission to modify firewall.\n";
+               warn "old firewall configuration in '$pct_fwcfg_target' left in place!\n"
+                   if -e $pct_fwcfg_target;
+           } else {
+               mkdir $pve_firewall_dir; # make sure the directory exists
+               PVE::Tools::file_copy($pct_fwcfg_fn, $pct_fwcfg_target);
+           }
            unlink $pct_fwcfg_fn;
        }