[pve-devel] [PATCH pve-access-control 2/2] rpcenvironnment: add check_sdn_bridge

DERUMIER, Alexandre alexandre.derumier at groupe-cyllene.com
Tue Jun 6 14:15:11 CEST 2023

> > +       # check propagate on bridge itself
> > +       return 1 if $self->check_any($username, $path, $privs,
> > $noerr);
> this doesn't actually check propagation though? for that you could
> either:
> - use $self->permissions (it returns the propagate bit)
> - query a non-existing vlan child path with check_any

do we really need to check propagation ?

Here, we want to check if user have permission to the bridge,

if user have an acl on a vlan of the bridge


if user have access to the bridge (propagate or not).

for example, if I check with a dummy vlanid ,/sdn/zones/myzone/vnet1/0,

It'll be ok if user have propagate on vnet1,  but not if user
don't have propagate

More information about the pve-devel mailing list