From: Alexandre Derumier <aderumier@odiso.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH pve-network 7/7] dhcp : dnsmasq: generate dbus policy
Date: Sat, 18 Nov 2023 15:13:14 +0100 [thread overview]
Message-ID: <20231118141314.2785997-8-aderumier@odiso.com> (raw)
In-Reply-To: <20231118141314.2785997-1-aderumier@odiso.com>
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
src/PVE/Network/SDN/Dhcp/Dnsmasq.pm | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
index 0dd6436..7b54532 100644
--- a/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
+++ b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
@@ -151,6 +151,31 @@ sub configure_range {
sub before_configure {
my ($class, $dhcpid) = @_;
+ my $dbus_config = <<DBUSCFG;
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <policy user="root">
+ <allow own="uk.org.thekelleys.dnsmasq.$dhcpid"/>
+ <allow send_destination="uk.org.thekelleys.dnsmasq.$dhcpid"/>
+ </policy>
+ <policy user="dnsmasq">
+ <allow own="uk.org.thekelleys.dnsmasq.$dhcpid"/>
+ <allow send_destination="uk.org.thekelleys.dnsmasq.$dhcpid"/>
+ </policy>
+ <policy context="default">
+ <deny own="uk.org.thekelleys.dnsmasq.$dhcpid"/>
+ <deny send_destination="uk.org.thekelleys.dnsmasq.$dhcpid"/>
+ </policy>
+</busconfig>
+DBUSCFG
+
+ PVE::Tools::file_set_contents(
+ "/etc/dbus-1/system.d/dnsmasq.$dhcpid.conf",
+ $dbus_config
+ );
+
my $config_directory = "$DNSMASQ_CONFIG_ROOT/$dhcpid";
mkdir($config_directory, 755) if !-d $config_directory;
@@ -201,6 +226,7 @@ sub after_configure {
my $service_name = "dnsmasq\@$dhcpid";
+ PVE::Tools::run_command(['systemctl', 'reload', 'dbus']);
PVE::Tools::run_command(['systemctl', 'enable', $service_name]);
PVE::Tools::run_command(['systemctl', 'restart', $service_name]);
}
--
2.39.2
next prev parent reply other threads:[~2023-11-18 14:13 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-18 14:13 [pve-devel] [PATCH pve-network 0/7] dhcp v4 Alexandre Derumier
2023-11-18 14:13 ` [pve-devel] [PATCH pve-network 1/7] fix subnet tests Alexandre Derumier
2023-11-18 14:13 ` [pve-devel] [PATCH pve-network 2/7] api2: ipam : remove add|del_mapping in mac/ip management Alexandre Derumier
2023-11-18 14:13 ` [pve-devel] [PATCH pve-network 3/7] dhcp : remove del_ip_mapping Alexandre Derumier
2023-11-18 14:13 ` [pve-devel] [PATCH pve-network 4/7] dnsmasq: configure static range for each subnet Alexandre Derumier
2023-11-18 14:13 ` [pve-devel] [PATCH pve-network 5/7] dnsmasq: enable dbus && purge old ip lease on reservation Alexandre Derumier
2023-11-18 14:13 ` [pve-devel] [PATCH pve-network 6/7] dnsmasq: fix ipv6 support Alexandre Derumier
2023-11-18 14:13 ` Alexandre Derumier [this message]
2023-11-20 16:42 ` [pve-devel] applied-series: [PATCH pve-network 0/7] dhcp v4 Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231118141314.2785997-8-aderumier@odiso.com \
--to=aderumier@odiso.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.