cluster config: mark qdevice end point as protected

The qdevice status endpoint retrieves some required info via writing
a status command to the qdevice socket
(/var/run/corosync-qdevice/corosync-qdevice.sock) and then parsing
the response.
Since the socket has 0755 permissions and is owned by root it can not
be written by the unprivileged pveproxy that runs as www-data user.

Relay the endpoint to the privileged pvedaemon by marking it as
`protected` to allow the end point to retrieve data from the qdevice
properly.

Fixes an issue where the api would return an empty object.

Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
Tested-by: Oguz Bektas <o.bektas@proxmox.com>
 [ T: extend commit message ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/data/PVE/API2/ClusterConfig.pm b/data/PVE/API2/ClusterConfig.pm
index 5a6a1accd8b3c487f572daed8fdd319f60b00a2b..e7efe37be58f9193b7f480535d8ed7987645a35a 100644 (file)
--- a/data/PVE/API2/ClusterConfig.pm
+++ b/data/PVE/API2/ClusterConfig.pm
@@ -661,6 +661,7 @@ __PACKAGE__->register_method ({
     name => 'status',
     path => 'qdevice',
     method => 'GET',
+    protected => 1,
     description => 'Get QDevice status',
     permissions => {
        check => ['perm', '/', [ 'Sys.Audit' ]],