diff options
author | bescoto <bescoto@2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109> | 2003-08-27 20:18:22 +0000 |
---|---|---|
committer | bescoto <bescoto@2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109> | 2003-08-27 20:18:22 +0000 |
commit | 9e9ac86ba4d50979975b624ce3948a1011af3fd1 (patch) | |
tree | 7e7b233f9715ac00ab78ff72d0df99fcd3b55d65 /rdiff-backup/rdiff_backup/Security.py | |
parent | a1a2ba7783c700cd73b640cac7388fa6c733bf8b (diff) | |
download | rdiff-backup-9e9ac86ba4d50979975b624ce3948a1011af3fd1.tar.gz |
Fixed various --restrict options, some refactoring
git-svn-id: http://svn.savannah.nongnu.org/svn/rdiff-backup/trunk@407 2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109
Diffstat (limited to 'rdiff-backup/rdiff_backup/Security.py')
-rw-r--r-- | rdiff-backup/rdiff_backup/Security.py | 42 |
1 files changed, 26 insertions, 16 deletions
diff --git a/rdiff-backup/rdiff_backup/Security.py b/rdiff-backup/rdiff_backup/Security.py index 919261a..6ee6aa6 100644 --- a/rdiff-backup/rdiff_backup/Security.py +++ b/rdiff-backup/rdiff_backup/Security.py @@ -117,35 +117,45 @@ def set_allowed_requests(sec_level): "Log.log_to_file", "SetConnections.add_redirected_conn", "RedirectedRun", - "sys.stdout.write"] + "sys.stdout.write", + "robust.install_signal_handlers"] if sec_level == "minimal": pass elif sec_level == "read-only" or sec_level == "update-only": allowed_requests.extend( ["C.make_file_dict", + "rpath.ea_get", + "rpath.acl_get", "log.Log.log_to_file", "os.getuid", "os.listdir", "Time.setcurtime_local", - "robust.Resume.ResumeCheck", - "backup.SourceStruct.split_initial_dsiter", - "backup.SourceStruct.get_diffs_and_finalize", "rpath.gzip_open_local_read", - "rpath.open_local_read"]) - if sec_level == "update-only": + "rpath.open_local_read", + "Hardlink.initialize_dictionaries"]) + if sec_level == "read-only": allowed_requests.extend( - ["Log.open_logfile_local", "Log.close_logfile_local", - "Log.close_logfile_allconn", "Log.log_to_file", - "log.Log.log_to_file", - "robust.SaveState.init_filenames", - "robust.SaveState.touch_last_file", - "backup.DestinationStruct.get_sigs", - "backup.DestinationStruct.patch_w_datadir_writes", - "backup.DestinationStruct.patch_and_finalize", - "backup.DestinationStruct.patch_increment_and_finalize", + ["fs_abilities.get_fsabilities_readonly", + "fs_abilities.get_fsabilities_restoresource", + "restore.MirrorStruct.set_mirror_and_rest_times", + "restore.MirrorStruct.initialize_rf_cache", + "restore.MirrorStruct.get_diffs", + "backup.SourceStruct.get_source_select", + "backup.SourceStruct.set_source_select", + "backup.SourceStruct.get_diffs"]) + elif sec_level == "update-only": + allowed_requests.extend( + ["log.Log.open_logfile_local", "log.Log.close_logfile_local", + "log.ErrorLog.open", "log.ErrorLog.isopen", + "log.ErrorLog.close", + "backup.DestinationStruct.set_rorp_cache", + "backup.DestinationStruct.get_sigs", + "backup.DestinationStruct.patch_and_increment", "Main.backup_touch_curmirror_local", + "Main.backup_remove_curmirror_local", "Globals.ITRB.increment_stat", "statistics.record_error", - "log.ErrorLog.write_if_open"]) + "log.ErrorLog.write_if_open", + "fs_abilities.get_fsabilities_readwrite"]) if Globals.server: allowed_requests.extend( ["SetConnections.init_connection_remote", |