From 665156658d8f492406ab4272b461d7ed9d6716d2 Mon Sep 17 00:00:00 2001
From: Stefan Sterz <s.sterz@proxmox.com>
Date: Wed, 11 May 2022 11:27:07 +0200
Subject: [PATCH] cluster config: mark qdevice end point as protected

The qdevice status endpoint retrieves some required info via writing
a status command to the qdevice socket
(/var/run/corosync-qdevice/corosync-qdevice.sock) and then parsing
the response.
Since the socket has 0755 permissions and is owned by root it can not
be written by the unprivileged pveproxy that runs as www-data user.

Relay the endpoint to the privileged pvedaemon by marking it as
`protected` to allow the end point to retrieve data from the qdevice
properly.

Fixes an issue where the api would return an empty object.

Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
Tested-by: Oguz Bektas <o.bektas@proxmox.com>
 [ T: extend commit message ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 data/PVE/API2/ClusterConfig.pm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/PVE/API2/ClusterConfig.pm b/data/PVE/API2/ClusterConfig.pm
index 5a6a1ac..e7efe37 100644
--- a/data/PVE/API2/ClusterConfig.pm
+++ b/data/PVE/API2/ClusterConfig.pm
@@ -661,6 +661,7 @@ __PACKAGE__->register_method ({
     name => 'status',
     path => 'qdevice',
     method => 'GET',
+    protected => 1,
     description => 'Get QDevice status',
     permissions => {
 	check => ['perm', '/', [ 'Sys.Audit' ]],
-- 
2.39.2