clientapi_pve/models/pve_features_config.rs
1/*
2 * Proxmox Virtual Environment API
3 *
4 * Generated from apidoc.js. NOT an official Proxmox specification. See https://pve.proxmox.com/pve-docs/api-viewer/ for the upstream documentation.
5 *
6 * The version of the OpenAPI document: 9.x
7 *
8 * Generated by: https://openapi-generator.tech
9 */
10
11use crate::models;
12use serde::{Deserialize, Serialize};
13
14#[derive(Clone, Default, Debug, PartialEq, Serialize, Deserialize)]
15pub struct PveFeaturesConfig {
16
17 /// Mount /sys in unprivileged containers as `rw` instead of `mixed`. This can break networking under newer (>= v245) systemd-network use.
18 #[serde(rename = "force_rw_sys", skip_serializing_if = "Option::is_none")]
19 pub force_rw_sys: Option<models::PveBoolean>,
20
21 /// Allow using 'fuse' file systems in a container. Note that interactions between fuse and the freezer cgroup can potentially cause I/O deadlocks.
22 #[serde(rename = "fuse", skip_serializing_if = "Option::is_none")]
23 pub fuse: Option<models::PveBoolean>,
24
25 /// For unprivileged containers only: Allow the use of the keyctl() system call. This is required to use docker inside a container. By default unprivileged containers will see this system call as non-existent. This is mostly a workaround for systemd-networkd, as it will treat it as a fatal error when some keyctl() operations are denied by the kernel due to lacking permissions. Essentially, you can choose between running systemd-networkd or docker.
26 #[serde(rename = "keyctl", skip_serializing_if = "Option::is_none")]
27 pub keyctl: Option<models::PveBoolean>,
28
29 /// Allow unprivileged containers to use mknod() to add certain device nodes. This requires a kernel with seccomp trap to user space support (5.3 or newer). This is experimental.
30 #[serde(rename = "mknod", skip_serializing_if = "Option::is_none")]
31 pub mknod: Option<models::PveBoolean>,
32
33 /// Allow mounting file systems of specific types. This should be a list of file system types as used with the mount command. Note that this can have negative effects on the container's security. With access to a loop device, mounting a file can circumvent the mknod permission of the devices cgroup, mounting an NFS file system can block the host's I/O completely and prevent it from rebooting, etc.
34 #[serde(rename = "mount", skip_serializing_if = "Option::is_none")]
35 pub mount: Option<String>,
36
37 /// Allow nesting. Best used with unprivileged containers with additional id mapping. Note that this will expose procfs and sysfs contents of the host to the guest. This is also required by systemd to isolate services.
38 #[serde(rename = "nesting", skip_serializing_if = "Option::is_none")]
39 pub nesting: Option<models::PveBoolean>,
40
41
42}
43
44impl PveFeaturesConfig {
45 pub fn new() -> PveFeaturesConfig {
46 PveFeaturesConfig {
47
48 force_rw_sys: None,
49
50 fuse: None,
51
52 keyctl: None,
53
54 mknod: None,
55
56 mount: None,
57
58 nesting: None,
59
60 }
61 }
62}
63
64
65impl PveFeaturesConfig {
66 /// Serialise this PveFeaturesConfig into Proxmox's CLI-style shorthand
67 /// string (`key=value,…`). The property marked `x-pve-default-key`
68 /// is emitted positionally without a `key=` prefix; aliases collapse
69 /// multiple property names to the same wire key.
70 ///
71 /// Example: `PveFeaturesConfig `
72 /// → `"virtio,bridge=vmbr0"`
73 pub fn to_shorthand(&self) -> String {
74 let mut parts: Vec<String> = Vec::new();
75
76
77
78 if let Some(ref v) = self.force_rw_sys {
79 parts.push(format!("force_rw_sys={}", v));
80 }
81
82
83 if let Some(ref v) = self.fuse {
84 parts.push(format!("fuse={}", v));
85 }
86
87
88 if let Some(ref v) = self.keyctl {
89 parts.push(format!("keyctl={}", v));
90 }
91
92
93 if let Some(ref v) = self.mknod {
94 parts.push(format!("mknod={}", v));
95 }
96
97
98 if let Some(ref v) = self.mount {
99 parts.push(format!("mount={}", v));
100 }
101
102
103 if let Some(ref v) = self.nesting {
104 parts.push(format!("nesting={}", v));
105 }
106
107 parts.join(",")
108 }
109}
110