Struct PveFeaturesConfig 

pub struct PveFeaturesConfig {
    pub force_rw_sys: Option<PveBoolean>,
    pub fuse: Option<PveBoolean>,
    pub keyctl: Option<PveBoolean>,
    pub mknod: Option<PveBoolean>,
    pub mount: Option<String>,
    pub nesting: Option<PveBoolean>,
}

Fields

force_rw_sys: Option<PveBoolean>

Mount /sys in unprivileged containers as rw instead of mixed. This can break networking under newer (>= v245) systemd-network use.

fuse: Option<PveBoolean>

Allow using ‘fuse’ file systems in a container. Note that interactions between fuse and the freezer cgroup can potentially cause I/O deadlocks.

keyctl: Option<PveBoolean>

For unprivileged containers only: Allow the use of the keyctl() system call. This is required to use docker inside a container. By default unprivileged containers will see this system call as non-existent. This is mostly a workaround for systemd-networkd, as it will treat it as a fatal error when some keyctl() operations are denied by the kernel due to lacking permissions. Essentially, you can choose between running systemd-networkd or docker.

mknod: Option<PveBoolean>

Allow unprivileged containers to use mknod() to add certain device nodes. This requires a kernel with seccomp trap to user space support (5.3 or newer). This is experimental.

mount: Option<String>

Allow mounting file systems of specific types. This should be a list of file system types as used with the mount command. Note that this can have negative effects on the container’s security. With access to a loop device, mounting a file can circumvent the mknod permission of the devices cgroup, mounting an NFS file system can block the host’s I/O completely and prevent it from rebooting, etc.

nesting: Option<PveBoolean>

Allow nesting. Best used with unprivileged containers with additional id mapping. Note that this will expose procfs and sysfs contents of the host to the guest. This is also required by systemd to isolate services.

Implementations

impl PveFeaturesConfig

pub fn new() -> PveFeaturesConfig

impl PveFeaturesConfig

pub fn to_shorthand(&self) -> String

Serialise this PveFeaturesConfig into Proxmox’s CLI-style shorthand string (key=value,…). The property marked x-pve-default-key is emitted positionally without a key= prefix; aliases collapse multiple property names to the same wire key.

Example: PveFeaturesConfig → "virtio,bridge=vmbr0"

Trait Implementations

impl Clone for PveFeaturesConfig

fn clone(&self) -> PveFeaturesConfig

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for PveFeaturesConfig

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for PveFeaturesConfig

fn default() -> PveFeaturesConfig

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for PveFeaturesConfig

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl PartialEq for PveFeaturesConfig

fn eq(&self, other: &PveFeaturesConfig) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for PveFeaturesConfig

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl StructuralPartialEq for PveFeaturesConfig