[libvirt] [PATCH] Add documentation for access control system
Daniel P. Berrange
berrange at redhat.com
Fri Aug 9 15:51:02 UTC 2013
On Fri, Aug 09, 2013 at 09:47:46AM -0600, Eric Blake wrote:
> On 08/08/2013 05:27 AM, Daniel P. Berrange wrote:
> > +aclperms.htmlinc: $(top_srcdir)/src/access/viraccessperm.h \
> > + genaclperms.pl Makefile.am
> > + $(PERL) genaclperms.pl $< > $@
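Review bot: The recipe line `$(PERL) genaclperms.pl $< > $@` runs the script by its bare name, so in a VPATH (out-of-tree) build, where the recipe executes in the build directory, perl will not find it. Use `$(srcdir)/genaclperms.pl` in the recipe, and in the prerequisite list for consistency. Redirecting straight into `$@` also leaves a truncated aclperms.htmlinc with a fresh timestamp if the script fails, so generate into a temporary file and rename it on success.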
>
> Did you test a VPATH build?
No, but I will do.
> > + <p>
> > + And to reset back to the default (no-op) driver
> > + </p>
> > +
> > +
> > + <pre>
> > +# augtool -s rm /files/etc/libvirt/libvirtd.conf/access_drivers
> > + </pre>
> > +
> > + <p>
> > + <strong>Note:</strong> changes to libvirtd.conf require that
> > + the libvirtd daemon be restarted.
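Review bot: The Note paragraph says only that changes "require that the libvirtd daemon be restarted", which leaves readers wondering whether a SIGHUP reload is enough. Since SIGHUP only reloads .xml files, say explicitly that a reload does not pick up libvirtd.conf changes and that a full restart is needed before the access driver setting takes effect. Smaller points: the lead-in "And to reset back to the default (no-op) driver" should end with a colon, and there is a doubled blank line before the `<pre>`.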
>
> Isn't sending SIGHUP sufficient, or does it have to be a full restart?
No, SIGHUP only reloads .xml files.
> > + <pre>
> > +polkit.addRule(function(action, subject) {
> > + if (action.id == "org.libvirt.api.connect.getattr" &&
> > + subject.user == "berrange") {
> > + if (action._detail_connect_driver == 'QEMU') {
> > + return polkit.Result.YES;
> > + } else {
> > + return polkit.Result.NO;
> > + }
> > + }
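Review bot: The outer `if` has no `else` and the function has no final `return`, so for any other action or user it returns nothing. Add a comment in the example or a sentence after it saying this is intentional and what happens next (polkit carries on with the other rules and finally the default policy defined for the action); otherwise readers may assume the rule denies everyone else. The string quoting is also mixed ("berrange" versus 'QEMU'); pick one style.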
>
> This function has no return statement when the initial 'if' is not
> satisfied; is that valid?
Yeah, it will just carry on with other polkit rules that are defined
in other files, eventually falling back to the default policy
defined for the action.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
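The fall-through behaviour described in the reply above, as a small model added here (it is not part of the original message, the patch, or polkit itself). The `authorize` and `decide` helpers, the user "alice", the second rule and the `DEFAULT_POLICY` value are assumptions made up for the illustration.

```javascript
// Model of polkit rule dispatch for illustration; this is not polkit's code.
// Assumption: rules run in the order they were added, the first rule that
// returns a result decides, and a rule that returns nothing is skipped.
const polkit = {
  Result: { YES: "yes", NO: "no", AUTH_ADMIN: "auth_admin" },
  rules: [],
  addRule(fn) { this.rules.push(fn); },
};

// Constructed default for the action (stands in for its .policy file entry).
const DEFAULT_POLICY = {
  "org.libvirt.api.connect.getattr": polkit.Result.AUTH_ADMIN,
};

// Hypothetical helper: evaluate all rules, then fall back to the default.
function authorize(action, subject) {
  for (const rule of polkit.rules) {
    const result = rule(action, subject);
    if (result !== undefined && result !== null) return result;
  }
  return DEFAULT_POLICY[action.id];
}

// The rule quoted in the thread: it only decides for user "berrange".
polkit.addRule(function (action, subject) {
  if (action.id == "org.libvirt.api.connect.getattr" &&
      subject.user == "berrange") {
    if (action._detail_connect_driver == "QEMU") {
      return polkit.Result.YES;
    } else {
      return polkit.Result.NO;
    }
  }
  // No return here: the decision passes to the next rule or the default.
});

// Constructed rule standing in for one loaded from another rules file.
polkit.addRule(function (action, subject) {
  if (subject.user == "alice") return polkit.Result.NO;
});

// Hypothetical convenience wrapper used to probe the outcome per user/driver.
function decide(user, driver) {
  return authorize(
    { id: "org.libvirt.api.connect.getattr", _detail_connect_driver: driver },
    { user: user });
}
```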