Search results

  1. BelCloud

    [PSA] ZFS Silent Data Corruption

    Hello! Could we get an official opinion on this?
  2. BelCloud

    [PSA] ZFS Silent Data Corruption

    Does this have any effect on VMs/zvols? Or only on containers/host filesystem?
  3. BelCloud

    CVE-2022-36648 - QEMU UP TO 7.0.0 ROCKER DEVICE

    Hello https://vuldb.com/?id.237695 Does proxmox use the rocker device in any way or are we safe from this? Or can this bug be exploited even if we do not add such a rocker device ? I couldn't find much information about it, but it seems to be high-severity. Thank you
  4. BelCloud

    Proxmox 8 API agent/exec changes

    Thank you very much! Do you know if there are any other planned changes to this function, as parameters? As it's a breaking change from 7 to 8 and the new implementation will create a lot of issues in existing libraries. It might be better to deprecate the command parameter and create a new...
  5. BelCloud

    Proxmox 8 API agent/exec changes

    In theory, it's a single array called command, that's how it's normally done when sending a POST with urlencode data. The exact JSON counterpart of the above request is {"command":["\/bin\/bash","\/tmp\/myscript"]} , but sending it as JSON will require modifying all existing Proxmox libraries...
  6. BelCloud

    Proxmox 8 API agent/exec changes

    Thank you for the reply! With curl, it should be something like this: curl -sSk -H 'Authorization: PVEAPIToken=TOKEN' -X POST --data command[]="/bin/bash" --data command[]="/tmp/myscript" https://HOST:8006/api2/json/nodes/NODE/qemu/100/agent/exec But it returns the same error as with my...
  7. BelCloud

    Proxmox 8 API agent/exec changes

    Hello I have noticed that in Proxmox 8, the <command> parameter for the API call POST /api2/json/nodes/{node}/qemu/{vmid}/agent/exec has been changed from <string> to <array> in the format: [string, ...] Does anyone have a working example with the new format? I have tried to send it as...
  8. BelCloud

    CVE-2023-0330

    Thank you very much!
  9. BelCloud

    CVE-2023-0330

    Hello Does anyone know if proxmox is vulnerable to CVE-2023-0330 and if there are any patches? It seems to be affecting the lsi53c895a scsi controller on qemu 7.2.0. Would simply switching to virtio-scsi be enough to mitigate this? https://cve.report/CVE-2023-0330
  10. BelCloud

    ZFS rpool instead of rpool/DATA

    Very good idea, thank you!
  11. BelCloud

    ZFS rpool instead of rpool/DATA

    Thank you very much for the reply! It's a mistake I did as I added a node to the cluster which had only lvm-thin storages, and when I added the zfs storage in the cluster for the specific node, I left it on the default rpool. Not sure If I should transfer the VMs from it and reinstall or leave...
  12. BelCloud

    ZFS rpool instead of rpool/DATA

    Hello Are there any risks or possible issues if we use directly the rpool zfs pool for the VMs, instead of the rpool/DATA as it is by default? Thank you
  13. BelCloud

    CVE-2021-4207

    Thank you very much! Doesn't "potentially execute arbitrary code within the context of the QEMU process" mean they could execute code on the host, as the qemu process runs as root?
  14. BelCloud

    CVE-2021-4207

    Hello Is CVE-2021-4207 patched in proxmox 6 and 7 ? https://security-tracker.debian.org/tracker/CVE-2021-4207 Does anyone know if this affects the default vga or virtio-gpu ? Do I understand it correctly that it only affects if the graphic card is set to SPICE? Thank you
  15. BelCloud

    CVE-2021-3748 - QEMU: virtio-net: heap use-after-free in virtio_net_receive_rcu

    Hello A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU...
  16. BelCloud

    Is nested virtualization enabled by default in PVE7 ?

    Hello I've noticed that in PVE7, nested virtualization seems enabled by default: # cat /sys/module/kvm_intel/parameters/nested Y # pveversion -V proxmox-ve: 7.1-1 (running kernel: 5.11.22-7-pve) pve-manager: 7.1-6 (running version: 7.1-6/4e61e21c) pve-kernel-5.13: 7.1-4 pve-kernel-helper...
  17. BelCloud

    LVM-Thin broken metadata precautions

    Hello Recently, the raid card (PERC h730p) on one of our nodes got fried. After replacing the card and importing the raid array, we've noticed the lvm thin metadata got corrupted. Check of pool pve/data failed (status:1). Manual repair required! We've tried to repair it with...
  18. BelCloud

    Best practice to keep PVE host up-to-date without rebooting?

    You could use kernelcare to keep the kernel patched. That's what we are using.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!