luci-mod-status: nftables.js: fix OOM on big nftables IP sets

[project/luci.git] / modules / luci-mod-status / root / usr / share / rpcd / acl.d / luci-mod-status.json

{
        "luci-mod-status-realtime": {
                "description": "Grant access to realtime statistics",
                "read": {
                        "ubus": {
                                "luci": [ "getConntrackList", "getRealtimeStats" ],
                                "network.rrdns": [ "lookup" ]
                        }
                }
        },

        "luci-mod-status-processes": {
                "description": "Grant access to process status",
                "read": {
                        "ubus": {
                                "luci": [ "getProcessList" ]
                        }
                },
                "write": {
                        "file": {
                                "/bin/kill": [ "exec" ]
                        },
                        "ubus": {
                                "file": [ "exec" ]
                        }
                }
        },

        "luci-mod-status-logs": {
                "description": "Grant access to system logs",
                "read": {
                        "cgi-io": [ "exec" ],
                        "file": {
                                "/bin/dmesg -r": [ "exec" ],
                                "/sbin/logread": [ "stat" ],
                                "/sbin/logread -e ^": [ "exec" ],
                                "/usr/sbin/logread": [ "stat" ],
                                "/usr/sbin/logread -e ^": [ "exec" ]
                        },
                        "ubus": {
                                "file": [ "stat" ]
                        }
                }
        },

        "luci-mod-status-routes": {
                "description": "Grant access to routing status",
                "read": {
                        "file": {
                                "/sbin/ip -[46] neigh show": [ "exec" ],
                                "/sbin/ip -[46] route show table all": [ "exec" ],
                                "/sbin/ip -[46] rule show": [ "exec" ]
                        },
                        "ubus": {
                                "file": [ "exec" ]
                        }
                }
        },

        "luci-mod-status-channel_analysis": {
                "description": "Grant access to wireless channel status",
                "read": {
                        "ubus": {
                                "iwinfo": [ "info", "freqlist" ]
                        }
                }
        },

        "luci-mod-status-firewall": {
                "description": "Grant access to firewall status",
                "read": {
                        "cgi-io": [ "exec" ],
                        "file": {
                                "/usr/sbin/nft --terse --json list ruleset": [ "exec" ],
                                "/usr/sbin/iptables --line-numbers -w -nvxL -t *": [ "exec" ],
                                "/usr/sbin/ip6tables --line-numbers -w -nvxL -t *": [ "exec" ],
                                "/usr/sbin/ip6tables": [ "list" ],
                                "/usr/sbin/iptables-save": [ "exec" ],
                                "/usr/sbin/ip6tables-save": [ "exec" ]
                        },
                        "ubus": {
                                "file": [ "stat" ]
                        }
                },
                "write": {
                        "cgi-io": [ "exec" ],
                        "file": {
                                "/etc/init.d/firewall restart": [ "exec" ],
                                "/usr/sbin/iptables -Z": [ "exec" ],
                                "/usr/sbin/ip6tables -Z": [ "exec" ]
                        },
                        "ubus": {
                                "file": [ "exec" ]
                        }
                }
        }
}