[pbs-devel] [PATCH v4 proxmox 05/31] config: acl: allow namespace components for remote datastores

Christian Ebner c.ebner at proxmox.com
Thu Oct 17 15:26:50 CEST 2024


Extend the component limit for ACL paths of `remote` to include
possible namespace components.

This allows to limit the permissions for sync jobs in push direction
to a namespace subset on the remote datastore.

Signed-off-by: Christian Ebner <c.ebner at proxmox.com>
---
changes since version 3:
- Optimize component len check

 pbs-config/src/acl.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pbs-config/src/acl.rs b/pbs-config/src/acl.rs
index 29ad3e8c9..a06b918ad 100644
--- a/pbs-config/src/acl.rs
+++ b/pbs-config/src/acl.rs
@@ -86,8 +86,8 @@ pub fn check_acl_path(path: &str) -> Result<(), Error> {
             }
         }
         "remote" => {
-            // /remote/{remote}/{store}
-            if components_len <= 3 {
+            // /remote/{remote}/{store}/{namespace}
+            if components_len <= 3 + pbs_api_types::MAX_NAMESPACE_DEPTH {
                 return Ok(());
             }
         }
-- 
2.39.5





More information about the pbs-devel mailing list