[pve-devel] [PATCH cluster] Require Sys.Audit to read the cluster configuration
Emmanuel Kasper
e.kasper at proxmox.com
Mon Mar 6 11:42:30 CET 2017
Up to now only root could see the corosync cluster config.
Sys.Audit is the same permission required
for reading the HA Config and the HA Resources Config.
---
NB: a patch for the permission description in user management will folow
data/PVE/API2/ClusterConfig.pm | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/data/PVE/API2/ClusterConfig.pm b/data/PVE/API2/ClusterConfig.pm
index ab807bd..65b376f 100644
--- a/data/PVE/API2/ClusterConfig.pm
+++ b/data/PVE/API2/ClusterConfig.pm
@@ -16,6 +16,9 @@ __PACKAGE__->register_method({
path => '',
method => 'GET',
description => "Directory index.",
+ permissions => {
+ check => ['perm', '/', [ 'Sys.Audit' ]],
+ },
parameters => {
additionalProperties => 0,
properties => {},
@@ -44,6 +47,9 @@ __PACKAGE__->register_method({
path => 'nodes',
method => 'GET',
description => "Corosync node list.",
+ permissions => {
+ check => ['perm', '/', [ 'Sys.Audit' ]],
+ },
parameters => {
additionalProperties => 0,
properties => {},
@@ -73,6 +79,9 @@ __PACKAGE__->register_method({
path => 'totem',
method => 'GET',
description => "Get corosync totem protocol settings.",
+ permissions => {
+ check => ['perm', '/', [ 'Sys.Audit' ]],
+ },
parameters => {
additionalProperties => 0,
properties => {},
--
2.1.4
More information about the pve-devel
mailing list