Podman 5.x and earlier required to run as admin to work with Hyper-v.
Starting from Podman 6 this is not mandatory anymore as Registry
entries are handled differently. However, it may
happen the user have a legacy machine running when switching to Podman 6
or starts an old machine in elevated mode and then tries to stop it as a
normal user with Podman 6. If that happens the system will end up in a corrupted state
as the gvproxy process will not be stopped.
To prevent such scenario and issues, this commit maintains the original
behavior Podman 5.x has. Legacy Hyper-v machines needs to be handled
with elevated rights.
Signed-off-by: lstocchi <lstocchi@redhat.com>
Update GetAll() and GetByVMType() to add a check to prevent non hyper-v admin users to
interact with hyperv machines.
Users can work with hyperv machines only with elevated rights or if
members of the hyperv administrators group
Signed-off-by: lstocchi <lstocchi@redhat.com>
Previously, each new HyperV Podman machine required creating new hvsock
registry entries, necessitating administrator privileges.
This change modifies the HyperV provider to reuse existing hvsock
entries if found. This is possible due to Podman's current
limitation of running only one HyperV machine at a time.
As a result, administrator privileges are only needed for the first initial
machine setup (when the registry is empty). Subsequent machines can be created by users in the
"Hyper-V Administrators" group without being Admin.
Hvsock entries are no longer deleted on each machine removal; cleanup
is handled when the last machine gets removed.
Signed-off-by: lstocchi <lstocchi@redhat.com>
