opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-11-28 17:18:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
ffe01749e2088a10079a2764d886715424062a93
podman/pkg/machine/hyperv/hutil.go
lstocchi ab89922f4b hyperv should reuse hvsock registry entries when possible 
Previously, each new HyperV Podman machine required creating new hvsock
registry entries, necessitating administrator privileges.

This change modifies the HyperV provider to reuse existing hvsock
entries if found. This is possible due to Podman's current
limitation of running only one HyperV machine at a time.

As a result, administrator privileges are only needed for the first initial
machine setup (when the registry is empty). Subsequent machines can be created by users in the
"Hyper-V Administrators" group without being Admin.

Hvsock entries are no longer deleted on each machine removal; cleanup
is handled when the last machine gets removed.

Signed-off-by: lstocchi <lstocchi@redhat.com>
2025-11-20 16:51:31 +01:00

39 lines
1.4 KiB
Go
Raw Blame History

//go:build windows
package hyperv
import (
"errors"
"github.com/sirupsen/logrus"
"golang.org/x/sys/windows"
)
var (
ErrHypervUserNotInAdminGroup = errors.New("Hyper-V machines require Hyper-V admin rights to be managed. Please add the current user to the Hyper-V Administrators group or run Podman as an administrator")
ErrHypervRegistryInitRequiresElevation = errors.New("the first time Podman initializes a Hyper-V machine, it requires admin rights. Please run Podman as an administrator")
ErrHypervRegistryRemoveRequiresElevation = errors.New("removing this Hyper-V machine requires admin rights to clean up the Windows Registry. Please run Podman as an administrator")
ErrHypervRegistryUpdateRequiresElevation = errors.New("this machine's configuration requires additional Hyper-V networking (hvsock) entries in the Windows Registry. Please run Podman as an administrator")
)
func HasHyperVAdminRights() bool {
sid, err := windows.CreateWellKnownSid(windows.WinBuiltinHyperVAdminsSid)
if err != nil {
return false
}
// From MS docs:
// "If TokenHandle is NULL, CheckTokenMembership uses the impersonation
// token of the calling thread. If the thread is not impersonating,
// the function duplicates the thread's primary token to create an
// impersonation token."
token := windows.Token(0)
member, err := token.IsMember(sid)
if err != nil {
logrus.Warnf("Token Membership Error: %s", err)
return false
}
return member
}
Reference in New Issue View Git Blame Copy Permalink