[pve-devel] [PATCH access-control] acl: add missing SDN ACL paths to allowed list
Fabian Grünbichler
f.gruenbichler at proxmox.com
Wed Nov 8 07:55:17 CET 2023
else it's not actually possible to define ACLs on them, which means they are
effectively root only instead of allowing their intended permission scheme.
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
src/PVE/AccessControl.pm | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index cc0f00b..9600e59 100644
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -1266,6 +1266,12 @@ sub check_path {
|/pool
|/pool/[[:alnum:]\.\-\_]+
|/sdn
+ |/sdn/controllers
+ |/sdn/controllers/[[:alnum:]\_\-]+
+ |/sdn/dns
+ |/sdn/dns/[[:alnum:]]+
+ |/sdn/ipams
+ |/sdn/ipams/[[:alnum:]]+
|/sdn/zones
|/sdn/zones/[[:alnum:]\.\-\_]+
|/sdn/zones/[[:alnum:]\.\-\_]+/[[:alnum:]\.\-\_]+
--
2.39.2
More information about the pve-devel
mailing list