only root@pam should be able to add bind mounts

diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index 32151c8ab4d5cbef5c8d61aabae850f1feb04c9d..52ce4b042146d5bcb854f1bd3c535f6b8c3b50f8 100644 (file)
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -209,7 +209,7 @@ __PACKAGE__->register_method({
            raise_perm_exc();
        }
 
-       PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
+       PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, $pool, $param, []);
 
        my $storage = extract_param($param, 'storage') // 'local';
 
@@ -1247,7 +1247,7 @@ __PACKAGE__->register_method({
 
        die "no options specified\n" if !scalar(keys %$param);
 
-       PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
+       PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, undef, $param, []);
 
        my $storage_cfg = cfs_read_file("storage.cfg");
 

diff --git a/src/PVE/API2/LXC/Config.pm b/src/PVE/API2/LXC/Config.pm
index 8e9295b0b8bcac15e361c771d09a7af76199aeb3..c1a97bd5c369775ac47d72661196e6dd48555767 100644 (file)
--- a/src/PVE/API2/LXC/Config.pm
+++ b/src/PVE/API2/LXC/Config.pm
@@ -112,7 +112,7 @@ __PACKAGE__->register_method({
        my $delete_str = extract_param($param, 'delete');
        my @delete = PVE::Tools::split_list($delete_str);
 
-       PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);
+       PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, undef, {}, [@delete]);
 
        foreach my $opt (@delete) {
            raise_param_exc({ delete => "you can't use '-$opt' and " .
@@ -124,7 +124,7 @@ __PACKAGE__->register_method({
            }
        }
 
-       PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
+       PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, undef, $param, []);
 
        my $storage_cfg = cfs_read_file("storage.cfg");
 

diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index d2375522d7a7986c04c89b5eabdbf76229de7170..b2a19b85d801034ab75a1e6c0968f0e1cad8df42 100644 (file)
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -12,6 +12,7 @@ use Cwd qw();
 use Fcntl qw(O_RDONLY);
 
 use PVE::Cluster qw(cfs_register_file cfs_read_file);
+use PVE::Exception qw(raise_perm_exc);
 use PVE::Storage;
 use PVE::SafeSyslog;
 use PVE::INotify;
@@ -2235,16 +2236,20 @@ sub foreach_mountpoint_reverse {
 }
 
 sub check_ct_modify_config_perm {
-    my ($rpcenv, $authuser, $vmid, $pool, $key_list) = @_;
+    my ($rpcenv, $authuser, $vmid, $pool, $newconf, $delete) = @_;
 
     return 1 if $authuser eq 'root@pam';
 
-    foreach my $opt (@$key_list) {
-
+    my $check = sub {
+       my ($opt, $delete) = @_;
        if ($opt eq 'cpus' || $opt eq 'cpuunits' || $opt eq 'cpulimit') {
            $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']);
        } elsif ($opt eq 'rootfs' || $opt =~ /^mp\d+$/) {
            $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']);
+           return if $delete;
+           my $data = $opt eq 'rootfs' ? parse_ct_rootfs($newconf->{$opt})
+                                       : parse_ct_mountpoint($newconf->{$opt});
+           raise_perm_exc("mountpoint type $data->{type}") if $data->{type} ne 'volume';
        } elsif ($opt eq 'memory' || $opt eq 'swap') {
            $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Memory']);
        } elsif ($opt =~ m/^net\d+$/ || $opt eq 'nameserver' ||
@@ -2253,6 +2258,13 @@ sub check_ct_modify_config_perm {
        } else {
            $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']);
        }
+    };
+
+    foreach my $opt (keys %$newconf) {
+       &$check($opt, 0);
+    }
+    foreach my $opt (@$delete) {
+       &$check($opt, 1);
     }
 
     return 1;