From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id EEA1A1FF141 for ; Tue, 05 May 2026 17:40:11 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id C4165A904; Tue, 5 May 2026 17:38:21 +0200 (CEST) From: Stefan Hanreich To: pve-devel@lists.proxmox.com Subject: [PATCH pve-access-control v5 03/46] permissions: add ACL path for prefix-lists and route-maps Date: Tue, 5 May 2026 17:36:31 +0200 Message-ID: <20260505153720.412180-4-s.hanreich@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260505153720.412180-1-s.hanreich@proxmox.com> References: <20260505153720.412180-1-s.hanreich@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1777995341024 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.655 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [accesscontrol.pm] Message-ID-Hash: H3UEC47UWB3TFZDVTXCB6JR45VS7WNJB X-Message-ID-Hash: H3UEC47UWB3TFZDVTXCB6JR45VS7WNJB X-MailFrom: s.hanreich@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Add new paths for route maps and prefix lists respectively. Route maps theoretically have multiple entries with an ordering number, but it doesn't really make sense to make permissions more granular than on a per-route map basis. Signed-off-by: Stefan Hanreich --- src/PVE/AccessControl.pm | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm index 10e1f27..0d632b3 100644 --- a/src/PVE/AccessControl.pm +++ b/src/PVE/AccessControl.pm @@ -1300,6 +1300,10 @@ sub check_path { |/sdn/fabrics/[[:alnum:]]+ |/sdn/ipams |/sdn/ipams/[[:alnum:]]+ + |/sdn/prefix-lists + |/sdn/prefix-lists/[[:alnum:]]+ + |/sdn/route-maps + |/sdn/route-maps/[[:alnum:]]+ |/sdn/zones |/sdn/zones/[[:alnum:]\.\-\_]+ |/sdn/zones/[[:alnum:]\.\-\_]+/[[:alnum:]\.\-\_]+ -- 2.47.3