since this manually constructs the input string for `crypt`, which looks
different depending on used prefix/hashing algorithm, ensure that it was
understood by crypt and that it returned a proper hashed password line.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
this has been the default for Debian since Bullseye[0].
besides password setting for the PAM/PVE/PMG realms, this is also used
to hash cloud-init passwords for Linux VMs, where only a subset of
prefixes is currently allowed.
'j9T' is the default cost factor for yescrypt.
0: https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#pam-default-password
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
The old code was wrong and overestimated the memory used because it
did not take into account things like "SReclaimable", a part of slab
(in-kernel memory allocator) describing things like caches that can be
reclaimed, plus the memory for "Active(file)" and "Inactive(file)",
and other internal kernel things that even though small for each one,
can add up quickly.
Most of these metrics are exposed and could be included in the
calculation, but this will simply become obsolete in the future as the
kernel changes how it does things and how it calculates such available
memory, as it has done many times in the past.
To solve this problem for the long term, the MemAvailable field was
added to /proc/meminfo as of kernel 3.14. It describes "the amount of
memory available for a new workload without pushing the system into
swap". While it is only an estimate, it is as good as it gets, and
since it comes from the kernel, we can always assume that it is
correct for the currently booted kernel.
So, switch over to this metric for calculating the used memory by
subtracting MemAvailable from MemTotal.
Also adds a simple test case for the parser.
This commit is based on a patch from Dietmar [1].
[0]: https://git.kernel.org/torvalds/c/34e431b0ae398fc54ea69ff85ec700722c9da773
[1]: https://lore.proxmox.com/all/20250314093319.106385-1-dietmar@proxmox.com/
Originally-by: Dietmar Maurer <dietmar@proxmox.com>
[TL: rewrite commit message from scratch referencing actual kernel
source of things, add comment to code]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
The current regex allows slashes as part of the fields $dtype, $id, and
$user. If the given UPID matches the regex, the UPID is used to
construct the task log filename. Hence, slashes in the UPID allow a
limited form of path traversal and will write the task log to a
directory other than /var/log/pve/tasks/subdir/X. While slashes are not
expected to appear in these fields under normal circumstances, add a
safeguard against such conditions and disallow slashes in the three
fields. UPIDs with slashes will then fail with "unable to parse worker
upid [...]".
Patch best viewed with
git show -p --word-diff-regex=.
Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
In the same spirit as [0], drop the old postinst script, since major
upgrades from 6.x to 8.x are not supported/possible, in any case.
Originally added in commit
c5c5812e ("add postinst hook to fix /etc/aliases whitespace error")
[0] https://lore.proxmox.com/pve-devel/20250312125906.57953-1-f.ebner@proxmox.com/
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
Move `$signal_info` down to where we declare the rest of the variables
shared with the callback.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Dbus has a limit of 512 connections by default and signals should be
disconnected as soon as they are not needed anymore.
This should alleviate https://bugzilla.proxmox.com/show_bug.cgi?id=5876.
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
We added it to the lspci one in commit dc023d6 ("SysFSTools: handle
new nvidia syfsapi as mdev"), but we'll also need it when querying a
single device.
code is the same as in the lspci sub
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
[TL: reference commit explicitly]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Explain the reason for the explicit `use PerlIO::scalar;` statement
introduced in c4945bf ("tools: load PerlIO explicitly to avoid odd
failures")
Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
so that a caller can do additional verification on the downloaded or
extracted file
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Reviewed-by: Fiona Ebner <f.ebner@proxmox.com>
Tested-by: Fiona Ebner <f.ebner@proxmox.com>
by reusing the tmp_download variable for the decompression case too.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Reviewed-by: Fiona Ebner <f.ebner@proxmox.com>
Tested-by: Fiona Ebner <f.ebner@proxmox.com>
There are differences for error handling in the old and new helper, in
particular when the child is signaled. But the test here does not
explicitly check for specific error conditions or messages and is
therefore still correct with the new helper.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Add an option parameter to the run_fork() run_fork_with_timeout()
functions, where an 'afterfork' subroutine that is run in the parent
process after the fork can be specified. It is made subject to the
timeout too, because the fork already started running at that point
and an error in the 'afterfork' subroutine will take priority over an
error in the child.
In preparation to add a helper to run a Perl subroutine in a user
namespace, which, in turn, will be used for running the container
backup subroutine for external providers inside a user namespace. That
allows them to see the filesystem to back-up from the containers
perspective and also improves security because of isolation.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
The exit code of the test would be the exit code of the 'rm' system
call, no matter if the test itself failed or not. Use an eval block
instead of the END block and propagate the error correctly.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
This allows one to block traffic between all ports on the bridge with
isolation (so between the VMs), while still allow incoming traffic
from uplink.
Signed-off-by: Alexandre Derumier <alexandre.derumier@groupe-cyllene.com>
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This reverts commit 820949f46f to fix a
regression in pve-network, which uses this method.
Reported-by: Stefan Hanreich <s.hanreich@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
for better visibility. When not in a task, warnings from these helpers
are only logged to STDERR, which is particularly unhelpful in case of
daemons. This is the main motivation behind this change.
For tasks, warnings from these helpers are already more visible on the
UI side, but when looking at the syslog, one can only see the warning
count from the task right now, not the actual messages. This is
another reason in favor of the change.
Reported-by: Friedrich Weber <f.weber@proxmox.com>
Suggested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Adds checks when creating interfaces with `veth_create`, which is used
when creating the veth interface for Linux firewall bridges, and
`iface_create`, which is used when creating Linux / OVS firewall bridges
and VLAN bridges.
There are no functional changes in `veth_create` except the added check.
Without these checks, the following cases:
- When creating more than 10 Linux firewall bridges on a VM with 9
digits, e.g. 'fwbr999999999i10' is too long for an interface name
- When creating a VLAN bridge on a bridge that has already a long name,
e.g. the bridge 'abcdefghjklm' will try to create 'abcdefghijklmv249'
will fail with a rather unhelpful error message from the kernel:
> Error: Attribute failed policy validation.
Signed-off-by: Daniel Kral <d.kral@proxmox.com>
Adds a check for the name of VLAN bridge slave interfaces, which are
created on non VLAN-aware bridges. These checks mimics what is done when
parsing an interface name in iproute2 [0], which includes a name size
check, an empty string check and checking for invalid characters.
Without this check, creating a VLAN bridge slave interface, where the
length of the string "<iface>.<vlanid>" will be greater than or equal to
16 characters, resulted in the following error message from `ip` itself:
> Error: argument "<iface>.<vlanid>" is wrong: "name" not a valid ifname
[0] https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/lib/utils.c?h=v6.1.0#n825
Signed-off-by: Daniel Kral <d.kral@proxmox.com>
This is one step to make it possible to define the VLAN IDs and ranges
for bridges.
It is expected to be used in combination with the `-list` magic
property. Therefore it defines and checks the validity of a single list
item that could just be a single VLAN tag ID or a range.
Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
The old check for defined would also be true if it contained an empty
string. By checking its truthyness, an empty string will be falsy and
therefore the default value will be used.
Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
Replace `foreach` with `for` and use postfix deref instead of block
(circumfix) dereference (`$foo->%*` instead of `%$foo`).
Furthermore, make `format_config_line` a private sub instead of
unnecessarily declaring it as an anonymous subroutine, which avoids
the `&$sub_ref(...)` syntax altogether.
Signed-off-by: Max Carrara <m.carrara@proxmox.com>
We can just save both $! and %! and use the latter to check for
specific errors. This is not really pretty but perl does the same
internally, so...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
when starting a vm with passthrough, we have to bind all normal pci
devices to vfio-pci. This happens by
* unbinding from current driver
* telling vfio-pci the 'vendorid modelid' combo so it knows this device
class can use the driver (by writing to 'new_id')
* actually binding the device to vfio-pci
if there are multiple devices of the same 'vendorid modelid' class on
the host (and passed through), only the first write to 'new_id' is
successful, all subsequent ones return EEXIST.
This could happen e.g. for setups with multiple GPUs that have the same
audio chip.
To fix this, ignore the EEXIST error for this write to new_id, by adding
a new parameter to file_write for this.
If we need to ignore other errors in the future, we can still make this
more generic.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
the actual error and path is useful to know when trying to debug or
figure out what did not work, so warn here if there was an error.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Commit e68ebda ("fix #545: interfaces: allow arbitrary bridge names in
network config") introduced a cyclic usage between
PVE::RESTEnvironment and PVE::INotify, making code like the following
fail:
> perl -e "use PVE::RESTEnvironment qw(log_warn);"
Note, including the PVE::INotify module first would still work, i.e.:
> perl -e "use PVE::INotify; use PVE::RESTEnvironment qw(log_warn);"
The rest of the PVE::INotify module alredy uses syslog(), which could
be used here as well to get rid of the cyclic usage. Wolfgang argued
that the whole point of commit e68ebda was to remove coupling between
the name and the type of the interface. If there still is some code
about a name starting with 'vmbr' being classified wrong, that should
rather be fixed. Because of the very commit, the frontend already
doesn't show e.g. a non-bridge with name 'vmbr7' in bridge selectors.
Suggested-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: e68ebda ("fix #545: interfaces: allow arbitrary bridge names in network config")
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
This can be useful to have, e.g., when requiring different behaviors
the nearer an expiry gets.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
When configuring an OVS network device via web interface,
any OVS option set to value=0 is ignored upon saving. This happens
because value=0 is evaluated as false in $parse_ovs_option.
Signed-off-by: Tiomet Pelston <tiometpelston@gmail.com>
Reviewed-By: Aaron Lauterer <a.lauterer@proxmox.com>
Tested-By: Aaron Lauterer <a.lauterer@proxmox.com>
they should not be expensive (only reading/file checking in sysfs; the
parsed vendor/id names are not required) so we should include them
always.
We need at least the mdev part later at a point where we're not
interested in the rest of the verbose mode.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Tested-by: Christoph Heiss <c.heiss@proxmox.com>
Reviewed-by: Christoph Heiss <c.heiss@proxmox.com>
with kernel 6.8 NVIDIAs vGPU driver has a different api than the
previous 'mediated devices'. Adapt our sysfcode to also recognize this
for the 'mdev' paths and add another 'nvidia' property so we can detect
this.
Also parse the new api when they exist instead of the mediated devices.
The biggest difference to the existing mdev api for our use is that the
devices don't report all generally available devices, only the
createable ones. So if a user wants to configure a VM, the selection is
restricted by what may currently run on the GPU (depending ont the exact
settings, e.g. mixed mode gpus where different models can be mixed on a
single GPU; not the default though)
We could overcome this, when we'd parse the general info from the
'nvidia-smi' tool, though I'm currently unsure if that interface is
stable and intended to be parsed (there is no json output or similar
AFAIK)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Tested-by: Christoph Heiss <c.heiss@proxmox.com>
Reviewed-by: Christoph Heiss <c.heiss@proxmox.com>
since `print` is doing buffered IO, we don't always get an error there,
even if the underlying write does not work.
To properly catch that, do an unbuffered `syswrite` which circumvents
all buffers and writes directly to the file handle.
We aren't actually interested in the specific error here, but only if
the write was successful or not.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Tested-by: Christoph Heiss <c.heiss@proxmox.com>
