[libvirt] [PATCH v2] examples: Add example polkit ACL rules

Jiri Denemark jdenemar at redhat.com
Fri Sep 4 15:27:24 UTC 2015 

On Fri, Sep 04, 2015 at 13:26:17 +0100, Daniel P. Berrange wrote:
> On Fri, Sep 04, 2015 at 02:19:09PM +0200, Jiri Denemark wrote:
> > Creating ACL rules is not exactly easy and existing examples are pretty
> > simple. This patch adds a somewhat complex example which defines several
> > roles. Admins can do everything, operators can do basic operations
> > on any domain and several groups of users who act as operators but only
> > on a limited set of domains.
> > 
> > Signed-off-by: Jiri Denemark <jdenemar at redhat.com>
> > ---
> >  Makefile.am                       |   2 +-
> >  configure.ac                      |   1 +
> >  examples/polkit/Makefile.am       |  17 ++++++
> >  examples/polkit/libvirt-acl.rules | 115 ++++++++++++++++++++++++++++++++++++++
> >  libvirt.spec.in                   |   3 +
> >  5 files changed, 137 insertions(+), 1 deletion(-)
> >  create mode 100644 examples/polkit/Makefile.am
> >  create mode 100644 examples/polkit/libvirt-acl.rules
> > 
> > diff --git a/Makefile.am b/Makefile.am
> > index 91b943b..d338d5a 100644
> > --- a/Makefile.am
> > +++ b/Makefile.am
> > @@ -23,7 +23,7 @@ SUBDIRS = . gnulib/lib include src daemon tools docs gnulib/tests \
> >    tests po examples/object-events examples/hellolibvirt \
> >    examples/dominfo examples/domsuspend examples/apparmor \
> >    examples/xml/nwfilter examples/openauth examples/systemtap \
> > -  tools/wireshark examples/dommigrate \
> > +  tools/wireshark examples/dommigrate examples/polkit \
> >    examples/lxcconvert examples/domtop
> >  
> >  ACLOCAL_AMFLAGS = -I m4
> > diff --git a/configure.ac b/configure.ac
> > index 8471a46..136c2e7 100644
> > --- a/configure.ac
> > +++ b/configure.ac
> > @@ -2809,6 +2809,7 @@ AC_CONFIG_FILES([\
> >          examples/systemtap/Makefile \
> >          examples/xml/nwfilter/Makefile \
> >          examples/lxcconvert/Makefile \
> > +        examples/polkit/Makefile \
> >          tools/wireshark/Makefile \
> >          tools/wireshark/src/Makefile])
> >  AC_OUTPUT
> > diff --git a/examples/polkit/Makefile.am b/examples/polkit/Makefile.am
> > new file mode 100644
> > index 0000000..4d213e8
> > --- /dev/null
> > +++ b/examples/polkit/Makefile.am
> > @@ -0,0 +1,17 @@
> > +## Copyright (C) 2015 Red Hat, Inc.
> > +##
> > +## This library is free software; you can redistribute it and/or
> > +## modify it under the terms of the GNU Lesser General Public
> > +## License as published by the Free Software Foundation; either
> > +## version 2.1 of the License, or (at your option) any later version.
> > +##
> > +## This library is distributed in the hope that it will be useful,
> > +## but WITHOUT ANY WARRANTY; without even the implied warranty of
> > +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> > +## Lesser General Public License for more details.
> > +##
> > +## You should have received a copy of the GNU Lesser General Public
> > +## License along with this library.  If not, see
> > +## <http://www.gnu.org/licenses/>.
> > +
> > +EXTRA_DIST = libvirt-acl.rules
> > diff --git a/examples/polkit/libvirt-acl.rules b/examples/polkit/libvirt-acl.rules
> > new file mode 100644
> > index 0000000..5c26593
> > --- /dev/null
> > +++ b/examples/polkit/libvirt-acl.rules
> > @@ -0,0 +1,115 @@
> 
> 
> It would be beneficial to put some docs in this file header here
> to explain to people what this example is achieving.
... 
> ACK

Thanks, I added the documentation and pushed this patch.

Jirka

More information about the libvir-list mailing list