[lxc-devel] [lxd/master] lxd/events: Handle default permissiosn in projects

stgraber on Github lxc-bot at linuxcontainers.org
Fri Oct 9 15:15:54 UTC 2020


A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 354 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20201009/0f501562/attachment.bin>
-------------- next part --------------
From a4808d30eec836729125ca6378f076a34e46a842 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 9 Oct 2020 11:15:10 -0400
Subject: [PATCH] lxd/events: Handle default permissiosn in projects
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/events.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/lxd/events.go b/lxd/events.go
index 1c58ce99db..80b2378dbd 100644
--- a/lxd/events.go
+++ b/lxd/events.go
@@ -13,6 +13,7 @@ import (
 )
 
 var eventTypes = []string{"logging", "operation", "lifecycle"}
+var privilegedEventTypes = []string{"logging"}
 
 var eventsCmd = APIEndpoint{
 	Path: "events",
@@ -37,7 +38,14 @@ func eventsSocket(d *Daemon, r *http.Request, w http.ResponseWriter) error {
 	project := projectParam(r)
 	types := strings.Split(r.FormValue("type"), ",")
 	if len(types) == 1 && types[0] == "" {
-		types = eventTypes
+		types = []string{}
+		for _, entry := range eventTypes {
+			if !d.userIsAdmin(r) && shared.StringInSlice(entry, privilegedEventTypes) {
+				continue
+			}
+
+			types = append(types, entry)
+		}
 	}
 
 	// Validate event types.


More information about the lxc-devel mailing list