file: add path based read/write/exec ACL checks
Introduce ACL checks to verify that the requested path may be read, written
or executed. This allows to restrict ubus file commands to specific paths.
To setup the required ACLs, the following ubus command may be used
on the command line:
ubus call session grant '{
"ubus_rpc_session": "
d41d8cd98f00b204e9800998ecf8427e",
"scope": "file",
"objects": [
[ "/etc", "read" ],
[ "/etc/*", "write" ],
[ "/sbin/sysupgrade", "exec" ]
]
}'
The "read", "list", "stat" and "md5" procedures require "read" permissions,
the "write" procedure requires "write" permission and the "exec" procedure
requires "exec" permissions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
projects / oweals / rpcd.git / commit