Mirror/pve-network
1
0
Fork 1
mirror of git://git.proxmox.com/git/pve-network.git synced 2025-04-30 19:27:11 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

dhcp : dnsmasq: generate dbus policy

Browse source 
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
This commit is contained in:
Alexandre Derumier 2023-11-18 15:13:14 +01:00 committed by Thomas Lamprecht
parent a26a43bf97
commit 39062bc53a
1 changed files with 26 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
View file

@ -151,6 +151,31 @@ sub configure_range {
sub before_configure { sub before_configure {
my ($class, $dhcpid) = @_; my ($class, $dhcpid) = @_;
my $dbus_config = <<DBUSCFG;
<!DOCTYPE busconfig PUBLIC
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<policy user="root">
<allow own="uk.org.thekelleys.dnsmasq.$dhcpid"/>
<allow send_destination="uk.org.thekelleys.dnsmasq.$dhcpid"/>
</policy>
<policy user="dnsmasq">
<allow own="uk.org.thekelleys.dnsmasq.$dhcpid"/>
<allow send_destination="uk.org.thekelleys.dnsmasq.$dhcpid"/>
</policy>
<policy context="default">
<deny own="uk.org.thekelleys.dnsmasq.$dhcpid"/>
<deny send_destination="uk.org.thekelleys.dnsmasq.$dhcpid"/>
</policy>
</busconfig>
DBUSCFG
PVE::Tools::file_set_contents(
"/etc/dbus-1/system.d/dnsmasq.$dhcpid.conf",
$dbus_config
);
my $config_directory = "$DNSMASQ_CONFIG_ROOT/$dhcpid"; my $config_directory = "$DNSMASQ_CONFIG_ROOT/$dhcpid";
mkdir($config_directory, 755) if !-d $config_directory; mkdir($config_directory, 755) if !-d $config_directory;
@ -201,6 +226,7 @@ sub after_configure {
my $service_name = "dnsmasq\@$dhcpid"; my $service_name = "dnsmasq\@$dhcpid";
PVE::Tools::run_command(['systemctl', 'reload', 'dbus']);
PVE::Tools::run_command(['systemctl', 'enable', $service_name]); PVE::Tools::run_command(['systemctl', 'enable', $service_name]);
PVE::Tools::run_command(['systemctl', 'restart', $service_name]); PVE::Tools::run_command(['systemctl', 'restart', $service_name]);
} }