This website requires JavaScript.
Explore
Help
Sign In
OpenE2K
/
qemu-e2k
Watch
13
Star
4
Fork
You've already forked qemu-e2k
0
Code
Issues
4
Pull Requests
Projects
2
Releases
Activity
fb5c4ebc08
qemu-e2k
/
authz
/
Makefile.objs
3 lines
46 B
Makefile
Raw
Normal View
History
Unescape
Escape
authz: add QAuthZ object as an authorization base class The current qemu_acl module provides a simple access control list facility inside QEMU, which is used via a set of monitor commands acl_show, acl_policy, acl_add, acl_remove & acl_reset. Note there is no ability to create ACLs - the network services (eg VNC server) were expected to create ACLs that they want to check. There is also no way to define ACLs on the command line, nor potentially integrate with external authorization systems like polkit, pam, ldap lookup, etc. The QAuthZ object defines a minimal abstract QOM class that can be subclassed for creating different authorization providers. Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-10-21 14:16:21 +02:00
authz-obj-y
+=
base.o
authz: add QAuthZSimple object type for easy whitelist auth checks In many cases a single VM will just need to whitelist a single identity as the allowed user of network services. This is especially the case for TLS live migration (optionally with NBD storage) where we just need to whitelist the x509 certificate distinguished name of the source QEMU host. Via QMP this can be configured with: { "execute": "object-add", "arguments": { "qom-type": "authz-simple", "id": "authz0", "props": { "identity": "fred" } } } Or via the command line -object authz-simple,id=authz0,identity=fred Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2018-05-02 16:40:33 +02:00
authz-obj-y
+=
simple.o