[pve-devel] [PATCH cluster] Require Sys.Audit to read the cluster configuration
Thomas Lamprecht
t.lamprecht at proxmox.com
Tue Mar 7 12:21:23 CET 2017
Looks good to me, adding new permissions is it not worth it for now,
so I'd would have done the same here.
On 03/06/2017 11:42 AM, Emmanuel Kasper wrote:
> Up to now only root could see the corosync cluster config.
>
> Sys.Audit is the same permission required
> for reading the HA Config and the HA Resources Config.
> ---
> NB: a patch for the permission description in user management will folow
> data/PVE/API2/ClusterConfig.pm | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/data/PVE/API2/ClusterConfig.pm b/data/PVE/API2/ClusterConfig.pm
> index ab807bd..65b376f 100644
> --- a/data/PVE/API2/ClusterConfig.pm
> +++ b/data/PVE/API2/ClusterConfig.pm
> @@ -16,6 +16,9 @@ __PACKAGE__->register_method({
> path => '',
> method => 'GET',
> description => "Directory index.",
> + permissions => {
> + check => ['perm', '/', [ 'Sys.Audit' ]],
> + },
> parameters => {
> additionalProperties => 0,
> properties => {},
> @@ -44,6 +47,9 @@ __PACKAGE__->register_method({
> path => 'nodes',
> method => 'GET',
> description => "Corosync node list.",
> + permissions => {
> + check => ['perm', '/', [ 'Sys.Audit' ]],
> + },
> parameters => {
> additionalProperties => 0,
> properties => {},
> @@ -73,6 +79,9 @@ __PACKAGE__->register_method({
> path => 'totem',
> method => 'GET',
> description => "Get corosync totem protocol settings.",
> + permissions => {
> + check => ['perm', '/', [ 'Sys.Audit' ]],
> + },
> parameters => {
> additionalProperties => 0,
> properties => {},
More information about the pve-devel
mailing list