From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 372D21FF13A for ; Wed, 01 Apr 2026 16:40:12 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 9C25730DAC; Wed, 1 Apr 2026 16:40:39 +0200 (CEST) From: Stefan Hanreich To: pve-devel@lists.proxmox.com Subject: [PATCH pve-access-control v2 03/34] permissions: add ACL path for prefix-lists and route-maps Date: Wed, 1 Apr 2026 16:39:12 +0200 Message-ID: <20260401143957.386809-4-s.hanreich@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260401143957.386809-1-s.hanreich@proxmox.com> References: <20260401143957.386809-1-s.hanreich@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1775054348015 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.791 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 1 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 1 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 1 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: YEDBM5BXDI5OHUYI5N3HAV3GG3FZ3FUJ X-Message-ID-Hash: YEDBM5BXDI5OHUYI5N3HAV3GG3FZ3FUJ X-MailFrom: s.hanreich@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Add new paths for route maps and prefix lists respectively. Route maps theoretically have multiple entries with an ordering number, but it doesn't really make sense to make permissions more granular than on a per-route map basis. Signed-off-by: Stefan Hanreich --- src/PVE/AccessControl.pm | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm index 350e074..05c9d84 100644 --- a/src/PVE/AccessControl.pm +++ b/src/PVE/AccessControl.pm @@ -1293,6 +1293,10 @@ sub check_path { |/sdn/fabrics/[[:alnum:]]+ |/sdn/ipams |/sdn/ipams/[[:alnum:]]+ + |/sdn/prefix-lists + |/sdn/prefix-lists/[[:alnum:]]+ + |/sdn/route-maps + |/sdn/route-maps/[[:alnum:]]+ |/sdn/zones |/sdn/zones/[[:alnum:]\.\-\_]+ |/sdn/zones/[[:alnum:]\.\-\_]+/[[:alnum:]\.\-\_]+ -- 2.47.3