containers / podman

Podman: A tool for managing OCI containers and pods.
https://podman.io
Apache License 2.0

Hyper-V Administrators should not require admin #23578

Open bismip opened 1 month ago

bismip commented 1 month ago

Issue Description

Podman checks for admin permissions when running with Hyper-V on Windows. Members of the group Hyper-V Administrators should be able to manage VMs without admin permissions.

Steps to reproduce the issue

Run podman machine init without admin privileges.

Describe the results you received

Error about missing permissions.

Describe the results you expected

It should work.

podman info output

OS: windows/amd64
provider: hyperv
version: 5.1.2

Podman in a container

No

Privileged Or Rootless

None

Upstream Latest Release

No

Additional environment details

Windows 11

Additional information

No response

baude commented 1 month ago

hyperv does not technically require admin but the use of the registry keys to create the vsock does.

baude commented 1 month ago

would people rather have a priv elevation for podman machine init?

bismip commented 1 month ago

> hyperv does not technically require admin but the use of the registry keys to create the vsock does.

It should still work for members of Hyper-V Administrators, depending on how podman does it. I'll have a look at the code later.

> would people rather have a priv elevation for podman machine init?

If admin is a requirement, this is probably the preferred way in restricted enterprise environments.

baude commented 1 month ago

> It should still work for members of Hyper-V Administrators, depending on how podman does it. I'll have a look at the code later.

When I tested this last time, this was not true. The hvsock registry entries required admin.
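
The question debated above, whether a Hyper-V Administrators member can write the hvsock registry entries without elevation, can be checked on a given host with the diagnostic below. It is an added example, not code from podman or from anyone in this thread. The registry path is the location Windows documents for Hyper-V socket service registration; the thread does not name the key, so treating it as the one podman writes is an assumption.

```powershell
# Added diagnostic (not podman code): compare the current token's group
# membership with its effective write access to the hvsock registration key.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [System.Security.Principal.WindowsPrincipal]::new($identity)

# Well-known SIDs, independent of the display language of the OS.
$adminSid  = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-32-544') # BUILTIN\Administrators
$hypervSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-32-578') # BUILTIN\Hyper-V Administrators

# IsInRole only counts groups that are enabled in the token, so an
# unelevated administrator under UAC reports False for Administrators.
$isElevatedAdmin = $principal.IsInRole($adminSid)
$isHyperVAdmin   = $principal.IsInRole($hypervSid)

# Assumption: this is the key the hvsock entries are created under.
$keyPath = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\GuestCommunicationServices'

$keyExists = $false
$canWrite  = $false
$reason    = $null
try {
    # writable = $true requests write access, which covers creating subkeys.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($keyPath, $true)
    if ($null -ne $key) { $keyExists = $true; $canWrite = $true; $key.Dispose() }
    else { $reason = 'key not present (Hyper-V feature missing?)' }
} catch {
    # Access denied surfaces as SecurityException / UnauthorizedAccessException.
    $keyExists = $true
    $reason    = $_.Exception.GetBaseException().GetType().Name
}

[pscustomobject]@{
    User                 = $identity.Name
    ElevatedAdmin        = $isElevatedAdmin
    HyperVAdministrators = $isHyperVAdmin
    KeyExists            = $keyExists
    CanWriteHvsockKey    = $canWrite
    Reason               = $reason
}

# Show which principals the key's ACL allows to create subkeys.
$createSubKey = [System.Security.AccessControl.RegistryRights]::CreateSubKey
(Get-Acl -Path "HKLM:\$keyPath" -ErrorAction SilentlyContinue).Access |
    Where-Object { $_.RegistryRights -band $createSubKey } |
    Select-Object IdentityReference, AccessControlType, RegistryRights
```

Running it once from an unelevated shell and once elevated shows whether the difference comes from group membership or from the key's ACL.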
