[pve-devel] [PATCH access-control] acl: add missing SDN ACL paths to allowed list

Tue, 07 Nov 2023 22:55:39 -0800 

else it's not actually possible to define ACLs on them, which means they are
effectively root only instead of allowing their intended permission scheme.

Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com>
---
 src/PVE/AccessControl.pm | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index cc0f00b..9600e59 100644
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -1266,6 +1266,12 @@ sub check_path {
        |/pool
        |/pool/[[:alnum:]\.\-\_]+
        |/sdn
+       |/sdn/controllers
+       |/sdn/controllers/[[:alnum:]\_\-]+
+       |/sdn/dns
+       |/sdn/dns/[[:alnum:]]+
+       |/sdn/ipams
+       |/sdn/ipams/[[:alnum:]]+
        |/sdn/zones
        |/sdn/zones/[[:alnum:]\.\-\_]+
        |/sdn/zones/[[:alnum:]\.\-\_]+/[[:alnum:]\.\-\_]+
-- 
2.39.2



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Reply via email to