From: Stoiko Ivanov
To: pmg-devel@lists.proxmox.com
Subject: [PATCH pmg-api v3 2/5] config: add log-tracker-base key
Date: Fri, 12 Jun 2026 19:40:59 +0200
Message-ID: <20260612174145.1190233-3-s.ivanov@proxmox.com>
In-Reply-To: <20260612174145.1190233-1-s.ivanov@proxmox.com>
List-Id: Proxmox Mail Gateway development discussion

makes it possible to override the input-base parameter for pmg-log-tracker - functionality there was added in:
9816d19 ("fix #3657: allow scanning a configurable rotated log series")

the option is restricted to root@pam, as suggested by Thomas, since enabling other admin users to open arbitrary files on the system might leak information, in case the parser in pmg-log-tracker matches something unexpected. To err on the side of caution - restrict it to root@pam, as we can always make it more liberal in the future, while restricting it later could break some users' workflows.

the pattern allows for an input-base with a maximal depth of 6 directories, which should cover all needs, and can be extended if there are deployments that need that (restricting to fewer directories would break backwards compat, hence the rather small limit).

the default in the config is /var/log/syslog and will be explicitly provided to pmg-log-tracker if nothing is set in pmg.conf

exposing the option in pmg.conf enables users to use a different log location for the daily work.

Signed-off-by: Stoiko Ivanov --- src/PMG/Config.pm | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/src/PMG/Config.pm b/src/PMG/Config.pm index 943ae1ea..8973c92d 100644 --- a/src/PMG/Config.pm +++ b/src/PMG/Config.pm @@ -56,6 +56,19 @@ use warnings; use base qw(PMG::Config::Base); +PVE::JSONSchema::register_format('pmg-log-tracker-base', \&parse_log_tracker_base); + +sub parse_log_tracker_base { + my ($path, $noerr) = @_; + + if ($path !~ m!^/([^/\0]+/){0,6}[^/\0]+$! || $path =~ m!(?://|/\.{1,2}(?:/|$))!) { + return undef if $noerr; + die "log-tracker-base '$path' contains illegal characters\n"; + } + + return $path; +} + sub type { return 'admin'; } @@ -161,6 +174,12 @@ EODESC maxLength => 64 * 1024, default => '', }, + 'log-tracker-base' => { + description => "Location of rotated mail logs, input-base argument for pmg-log-tracker", + type => 'string', + format => 'pmg-log-tracker-base', + default => '/var/log/syslog', + }, }; } @@ -182,6 +201,7 @@ sub options { 'dkim-use-domain' => { optional => 1 }, 'admin-mail-from' => { optional => 1 }, 'consent-text' => { optional => 1 }, + 'log-tracker-base' => { optional => 1, root_only => 1 }, }; } -- 2.47.3
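
Review bot: in parse_log_tracker_base (first hunk), both patterns anchor with `$`, which in Perl also matches just before a trailing newline, and the class `[^/\0]` accepts newlines, other control characters and whitespace inside a path component, so a value like "/var/log/syslog\n" passes validation. Anchoring with `\z` and excluding control characters from the component class (for example `[^/\0[:cntrl:]]`) would keep the value to a single clean line before it is written to pmg.conf and handed to pmg-log-tracker as input-base. Two smaller points in the same function: the `//` alternative in the second pattern can never trigger, because the first pattern already requires every component to be non-empty, and the die message says "contains illegal characters" even when the value is rejected for being relative, deeper than the allowed directory count, or containing a `.` or `..` component, so a message that names those constraints would be easier for an admin to act on.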
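
Review bot: the new 'log-tracker-base' property (second hunk) sets no maxLength, while the property directly above it in the same hash does, and the format only bounds the number of components, not their length. Adding an explicit maxLength would bound what ends up in pmg.conf and on the pmg-log-tracker command line. The description would also benefit from stating that the value is an absolute file path used as the base name of the rotated log series (as the default `/var/log/syslog` suggests) and that it can only be changed by root@pam, since neither is visible to someone reading the generated API documentation.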
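
Review bot: in options() (third hunk), `root_only => 1` is the only key other than `optional` among the entries visible here, and nothing in this patch reads it. Since the commit message relies on this flag to keep other admin users from pointing the tracker at arbitrary files, it is worth confirming that the check for `root_only` is introduced elsewhere in the series and is applied on every path that can set the key; if it is not, the flag is silently ignored and the restriction does not exist. A short comment next to the entry naming where the flag is enforced would make that dependency clear to later readers.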