# some checks (e.g., disk, serial port, usb) need to be done somewhere
# else, as there the permission can be value dependend
next if PVE::QemuServer::is_valid_drivename($opt);
- next if $opt eq 'vmstate';
next if $opt eq 'cdrom';
next if $opt =~ m/^(?:unused|serial|usb)\d+$/;
$rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']);
} elsif ($cloudinitoptions->{$opt} || ($opt =~ m/^(?:net|ipconfig)\d+$/)) {
$rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
+ } elsif ($opt eq 'vmstate') {
+ # the user needs Disk and PowerMgmt privileges to change the vmstate
+ # also needs privileges on the storage, that will be checked later
+ $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk', 'VM.PowerMgmt' ]);
} else {
# catches hostpci\d+, args, lock, etc.
# new options will be checked here
}
} elsif ($opt eq 'vmstate') {
PVE::QemuConfig->check_protection($conf, "can't remove vmstate '$val'");
- # the user needs Disk and PowerMgmt privileges to remove the vmstate
- $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk', 'VM.PowerMgmt' ]);
if (PVE::QemuServer::try_deallocate_drive($storecfg, $vmid, $conf, $opt, { file => $val }, $rpcenv, $authuser, 1)) {
delete $conf->{$opt};
PVE::QemuConfig->write_config($vmid, $conf);