openwrt-mirror/luci
1
0
Fork 0
mirror of https://github.com/openwrt/luci.git synced 2025-12-21 19:14:34 +04:00
Code Issues Packages Projects Releases Wiki Activity

luci-app-*: migrate LogreadBox consumers to use new permission ACLs

Browse Source 
"ubus": {
			"log": [ "read" ]
		}

Signed-off-by: Paul Donald <newtwen+github@gmail.com>
This commit is contained in:
Paul Donald
2025-10-20 13:11:05 +02:00
parent b59e51a831
commit fd830434cb
6 changed files with 34 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
applications/luci-app-acme/root/usr/share/rpcd/acl.d/luci-app-acme.json
View File

@@ -1,20 +1,21 @@
{
"luci-app-acme": {
"description": "Grant UCI access for luci-app-acme",
"read": {
"cgi-io": [ "exec" ],
"file": {
"/usr/lib/acme/client/dnsapi": [ "list" ],
"/proc/sys/kernel/hostname": [ "read" ],
"/etc/ssl/acme": [ "list" ],
"/usr/libexec/acmesh-dnsinfo.sh": [ "exec" ],
"/sbin/logread -e acme": [ "exec" ],
"/usr/sbin/logread -e acme": [ "exec" ]
},
"uci": [ "acme", "ddns" ]
},
"write": {
"uci": [ "acme" ]
}
}
"luci-app-acme": {
"description": "Grant UCI access for luci-app-acme",
"read": {
"cgi-io": [ "exec" ],
"file": {
"/usr/lib/acme/client/dnsapi": [ "list" ],
"/proc/sys/kernel/hostname": [ "read" ],
"/etc/ssl/acme": [ "list" ],
"/usr/libexec/acmesh-dnsinfo.sh": [ "exec" ],
},
"uci": [ "acme", "ddns" ],
"ubus": {
"log": [ "read" ]
}
},
"write": {
"uci": [ "acme" ]
}
}
}

9
applications/luci-app-adblock/root/usr/share/rpcd/acl.d/luci-app-adblock.json
View File

@@ -33,12 +33,6 @@
"/var/run/adb_runtime.json": [
"read"
],
"/sbin/logread -e adblock-": [
"exec"
],
"/usr/sbin/logread -e adblock-": [
"exec"
],
"/etc/init.d/adblock reload": [
"exec"
],
@@ -61,6 +55,9 @@
"exec"
]
},
"ubus": {
"log": [ "read" ]
},
"uci": [
"adblock"
]

15
applications/luci-app-banip/root/usr/share/rpcd/acl.d/luci-app-banip.json
View File

@@ -30,18 +30,6 @@
"/var/run/banip.lock": [
"read"
],
"/sbin/logread -e banIP-": [
"exec"
],
"/usr/sbin/logread -e banIP-": [
"exec"
],
"/sbin/logread -e banIP/": [
"exec"
],
"/usr/sbin/logread -e banIP/": [
"exec"
],
"/usr/sbin/nft -tj list sets": [
"exec"
],
@@ -70,6 +58,9 @@
"exec"
]
},
"ubus": {
"log": [ "read" ]
},
"uci": [
"banip"
]

7
applications/luci-app-clamav/root/usr/share/rpcd/acl.d/luci-app-clamav.json
View File

@@ -3,15 +3,16 @@
"description": "Grant UCI access for luci-app-clamav",
"read": {
"file": [ "/tmp/*" ],
"ubus": {
"log": [ "read" ]
},
"uci": [ "clamav", "clamav-milter", "freshclam" ]
},
"write": {
"file": {
"/etc/init.d/clamav *": [ "exec" ],
"/etc/init.d/clamav-milter *": [ "exec" ],
"/etc/init.d/freshclam *": [ "exec" ],
"/sbin/logread -e clamav": [ "exec" ],
"/usr/sbin/logread -e clamav": [ "exec" ]
"/etc/init.d/freshclam *": [ "exec" ]
},
"uci": [ "clamav", "clamav-milter", "freshclam" ]
}

4
applications/luci-app-nextdns/root/usr/share/rpcd/acl.d/luci-app-nextdns.json
View File

@@ -2,8 +2,8 @@
"luci-app-nextdns": {
"description": "Grant logread access to LuCI app nextdns",
"read": {
"file": {
"/sbin/logread": [ "exec" ]
"ubus": {
"log": [ "read" ]
},
"uci": [ "nextdns" ]
},

5
applications/luci-app-travelmate/root/usr/share/rpcd/acl.d/luci-app-travelmate.json
View File

@@ -15,14 +15,15 @@
"/var/run/travelmate.scan": [ "read" ],
"/var/state/travelmate.refresh": [ "read" ],
"/tmp/trm_runtime.json": [ "read" ],
"/sbin/logread -e trm-": [ "exec" ],
"/usr/sbin/logread -e trm-": [ "exec" ],
"/sbin/ifup *": [ "exec" ],
"/etc/init.d/travelmate start" : [ "exec" ],
"/etc/init.d/travelmate stop" : [ "exec" ],
"/etc/init.d/travelmate setup [0-9a-z_]* [0-9a-z_]* [0-9]*" : [ "exec" ],
"/etc/init.d/travelmate scan radio[0-1]" : [ "exec" ]
},
"ubus": {
"log": [ "read" ]
},
"uci": [ "travelmate", "wireless" ]
}
}