From fd830434cb5fec77b258f22655dced237ea81f0b Mon Sep 17 00:00:00 2001 From: Paul Donald Date: Mon, 20 Oct 2025 13:11:05 +0200 Subject: [PATCH] luci-app-*: migrate LogreadBox consumers to use new permission ACLs "ubus": { "log": [ "read" ] } Signed-off-by: Paul Donald --- .../usr/share/rpcd/acl.d/luci-app-acme.json | 37 ++++++++++--------- .../share/rpcd/acl.d/luci-app-adblock.json | 9 ++--- .../usr/share/rpcd/acl.d/luci-app-banip.json | 15 ++------ .../usr/share/rpcd/acl.d/luci-app-clamav.json | 7 ++-- .../share/rpcd/acl.d/luci-app-nextdns.json | 4 +- .../share/rpcd/acl.d/luci-app-travelmate.json | 5 ++- 6 files changed, 34 insertions(+), 43 deletions(-) diff --git a/applications/luci-app-acme/root/usr/share/rpcd/acl.d/luci-app-acme.json b/applications/luci-app-acme/root/usr/share/rpcd/acl.d/luci-app-acme.json index 4eacfae1bf..dde437411a 100644 --- a/applications/luci-app-acme/root/usr/share/rpcd/acl.d/luci-app-acme.json +++ b/applications/luci-app-acme/root/usr/share/rpcd/acl.d/luci-app-acme.json @@ -1,20 +1,21 @@ { - "luci-app-acme": { - "description": "Grant UCI access for luci-app-acme", - "read": { - "cgi-io": [ "exec" ], - "file": { - "/usr/lib/acme/client/dnsapi": [ "list" ], - "/proc/sys/kernel/hostname": [ "read" ], - "/etc/ssl/acme": [ "list" ], - "/usr/libexec/acmesh-dnsinfo.sh": [ "exec" ], - "/sbin/logread -e acme": [ "exec" ], - "/usr/sbin/logread -e acme": [ "exec" ] - }, - "uci": [ "acme", "ddns" ] - }, - "write": { - "uci": [ "acme" ] - } - } + "luci-app-acme": { + "description": "Grant UCI access for luci-app-acme", + "read": { + "cgi-io": [ "exec" ], + "file": { + "/usr/lib/acme/client/dnsapi": [ "list" ], + "/proc/sys/kernel/hostname": [ "read" ], + "/etc/ssl/acme": [ "list" ], + "/usr/libexec/acmesh-dnsinfo.sh": [ "exec" ], + }, + "uci": [ "acme", "ddns" ], + "ubus": { + "log": [ "read" ] + } + }, + "write": { + "uci": [ "acme" ] + } + } } diff --git a/applications/luci-app-adblock/root/usr/share/rpcd/acl.d/luci-app-adblock.json b/applications/luci-app-adblock/root/usr/share/rpcd/acl.d/luci-app-adblock.json index 5fc914d3e7..b0be565571 100644 --- a/applications/luci-app-adblock/root/usr/share/rpcd/acl.d/luci-app-adblock.json +++ b/applications/luci-app-adblock/root/usr/share/rpcd/acl.d/luci-app-adblock.json @@ -33,12 +33,6 @@ "/var/run/adb_runtime.json": [ "read" ], - "/sbin/logread -e adblock-": [ - "exec" - ], - "/usr/sbin/logread -e adblock-": [ - "exec" - ], "/etc/init.d/adblock reload": [ "exec" ], @@ -61,6 +55,9 @@ "exec" ] }, + "ubus": { + "log": [ "read" ] + }, "uci": [ "adblock" ] diff --git a/applications/luci-app-banip/root/usr/share/rpcd/acl.d/luci-app-banip.json b/applications/luci-app-banip/root/usr/share/rpcd/acl.d/luci-app-banip.json index ffff57aeea..b5884a6fb7 100644 --- a/applications/luci-app-banip/root/usr/share/rpcd/acl.d/luci-app-banip.json +++ b/applications/luci-app-banip/root/usr/share/rpcd/acl.d/luci-app-banip.json @@ -30,18 +30,6 @@ "/var/run/banip.lock": [ "read" ], - "/sbin/logread -e banIP-": [ - "exec" - ], - "/usr/sbin/logread -e banIP-": [ - "exec" - ], - "/sbin/logread -e banIP/": [ - "exec" - ], - "/usr/sbin/logread -e banIP/": [ - "exec" - ], "/usr/sbin/nft -tj list sets": [ "exec" ], @@ -70,6 +58,9 @@ "exec" ] }, + "ubus": { + "log": [ "read" ] + }, "uci": [ "banip" ] diff --git a/applications/luci-app-clamav/root/usr/share/rpcd/acl.d/luci-app-clamav.json b/applications/luci-app-clamav/root/usr/share/rpcd/acl.d/luci-app-clamav.json index 06529a01f3..26f2c0b4f8 100644 --- a/applications/luci-app-clamav/root/usr/share/rpcd/acl.d/luci-app-clamav.json +++ b/applications/luci-app-clamav/root/usr/share/rpcd/acl.d/luci-app-clamav.json @@ -3,15 +3,16 @@ "description": "Grant UCI access for luci-app-clamav", "read": { "file": [ "/tmp/*" ], + "ubus": { + "log": [ "read" ] + }, "uci": [ "clamav", "clamav-milter", "freshclam" ] }, "write": { "file": { "/etc/init.d/clamav *": [ "exec" ], "/etc/init.d/clamav-milter *": [ "exec" ], - "/etc/init.d/freshclam *": [ "exec" ], - "/sbin/logread -e clamav": [ "exec" ], - "/usr/sbin/logread -e clamav": [ "exec" ] + "/etc/init.d/freshclam *": [ "exec" ] }, "uci": [ "clamav", "clamav-milter", "freshclam" ] } diff --git a/applications/luci-app-nextdns/root/usr/share/rpcd/acl.d/luci-app-nextdns.json b/applications/luci-app-nextdns/root/usr/share/rpcd/acl.d/luci-app-nextdns.json index f6425519a0..035d0db0d7 100644 --- a/applications/luci-app-nextdns/root/usr/share/rpcd/acl.d/luci-app-nextdns.json +++ b/applications/luci-app-nextdns/root/usr/share/rpcd/acl.d/luci-app-nextdns.json @@ -2,8 +2,8 @@ "luci-app-nextdns": { "description": "Grant logread access to LuCI app nextdns", "read": { - "file": { - "/sbin/logread": [ "exec" ] + "ubus": { + "log": [ "read" ] }, "uci": [ "nextdns" ] }, diff --git a/applications/luci-app-travelmate/root/usr/share/rpcd/acl.d/luci-app-travelmate.json b/applications/luci-app-travelmate/root/usr/share/rpcd/acl.d/luci-app-travelmate.json index 35fe60aeb9..c15c0b8f39 100644 --- a/applications/luci-app-travelmate/root/usr/share/rpcd/acl.d/luci-app-travelmate.json +++ b/applications/luci-app-travelmate/root/usr/share/rpcd/acl.d/luci-app-travelmate.json @@ -15,14 +15,15 @@ "/var/run/travelmate.scan": [ "read" ], "/var/state/travelmate.refresh": [ "read" ], "/tmp/trm_runtime.json": [ "read" ], - "/sbin/logread -e trm-": [ "exec" ], - "/usr/sbin/logread -e trm-": [ "exec" ], "/sbin/ifup *": [ "exec" ], "/etc/init.d/travelmate start" : [ "exec" ], "/etc/init.d/travelmate stop" : [ "exec" ], "/etc/init.d/travelmate setup [0-9a-z_]* [0-9a-z_]* [0-9]*" : [ "exec" ], "/etc/init.d/travelmate scan radio[0-1]" : [ "exec" ] }, + "ubus": { + "log": [ "read" ] + }, "uci": [ "travelmate", "wireless" ] } } -- 2.30.2