Add the deny_read and deny_write options for device passthrough, to restrict container access to devices.
This allows for passing through a device in read-only mode without giving the container full access it. Up until now a container with a device passed through to it was granted full access to that device without an option to restrict that access as pointed out by @Fiona. Changes since v1: * set default values for deny_read & deny_write * remove the deny_read checkbox from the UI, since it is expected to only have a very niche use case. pve-container: Filip Schauer (1): add deny read/write options for device passthrough src/PVE/LXC.pm | 13 ++++++++++++- src/PVE/LXC/Config.pm | 12 ++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) pve-manager: Filip Schauer (1): ui: lxc: add readonly option for device passthrough www/manager6/lxc/DeviceEdit.js | 8 ++++++++ 1 file changed, 8 insertions(+) Summary over all repositories: 3 files changed, 32 insertions(+), 1 deletions(-) -- Generated by git-murpp 0.6.0 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel