Re: [Qemu-devel] [PATCH v5 07/11] authz: add QAuthZSimple object type fo
From: Daniel P . Berrangé
Subject: Re: [Qemu-devel] [PATCH v5 07/11] authz: add QAuthZSimple object type for easy whitelist auth checks
Date: Fri, 19 Oct 2018 13:32:23 +0100
User-agent: Mutt/1.10.1 (2018-07-13)
On Fri, Oct 19, 2018 at 11:56:00AM +0200, Philippe Mathieu-Daudé wrote:
> On 09/10/2018 15:04, Daniel P. Berrangé wrote:
> > In many cases a single VM will just need to whitelist a single identity
> > as the allowed user of network services. This is especially the case for
> > TLS live migration (optionally with NBD storage) where we just need to
> > whitelist the x509 certificate distinguished name of the source QEMU
> > host.
> >
> > Via QMP this can be configured with:
> >
> >   {
> >     "execute": "object-add",
> >     "arguments": {
> >       "qom-type": "authz-simple",
> >       "id": "authz0",
> >       "parameters": {
> >         "identity": "fred"
> >       }
> >     }
> >   }
> >
> > Or via the command line
> >
> > -object authz-simple,id=authz0,identity=fred
> >
> > Signed-off-by: Daniel P. Berrange <address@hidden>
> > ---
> > authz/Makefile.objs | 1 +
> > authz/simple.c | 122 +++++++++++++++++++++++++++++++++++++++++
> > authz/trace-events | 3 +
> > include/authz/simple.h | 84 ++++++++++++++++++++++++++++
> > qemu-options.hx | 21 +++++++
> > 5 files changed, 231 insertions(+)
> > create mode 100644 authz/simple.c
> > create mode 100644 include/authz/simple.h
> > +static void
> > +qauthz_simple_prop_set_identity(Object *obj,
> > + const char *value,
> > + Error **errp G_GNUC_UNUSED)
> > +{
> > + QAuthZSimple *authz = QAUTHZ_SIMPLE(obj);
> > +
>
> Hmm, doesn't this miss:
>
> g_free(authz->identity);
>
> > + authz->identity = g_strdup(value);
> > +}
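Review bot: qauthz_simple_prop_set_identity() assigns authz->identity = g_strdup(value) without releasing the string already stored there, so every repeated set of the identity property leaks the previous copy. Call g_free(authz->identity) immediately before the assignment; g_free() accepts NULL, so the first set needs no special case. Separately, errp is marked G_GNUC_UNUSED, so the setter accepts any value, including an empty string, without reporting an error; if an empty identity is never meant to match a client, reject it here through errp.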
Yes, will squash that in
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|