From: "Daniel P. Berrangé" <berrange@redhat.com>
To: "Marc-André Lureau" <marcandre.lureau@gmail.com>
Cc: QEMU <qemu-devel@nongnu.org>,
Markus Armbruster <armbru@redhat.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
Gerd Hoffmann <kraxel@redhat.com>,
philmd@redhat.com
Subject: Re: [Qemu-devel] [PATCH v6 07/11] authz: add QAuthZSimple object type for easy whitelist auth checks
Date: Tue, 13 Nov 2018 17:11:12 +0000 [thread overview]
Message-ID: <20181113171112.GK14591@redhat.com> (raw)
In-Reply-To: <CAJ+F1CLMtVnKjDJhm29Jx56FLVjeacvjA=8CvteimiYFg05SvA@mail.gmail.com>
On Thu, Nov 08, 2018 at 02:23:48AM +0400, Marc-André Lureau wrote:
> On Fri, Oct 19, 2018 at 5:49 PM Daniel P. Berrangé <berrange@redhat.com> wrote:
> >
> > In many cases a single VM will just need to whilelist a single identity
> > as the allowed user of network services. This is especially the case for
> > TLS live migration (optionally with NBD storage) where we just need to
> > whitelist the x509 certificate distinguished name of the source QEMU
> > host.
> >
> > Via QMP this can be configured with:
> >
> > {
> > "execute": "object-add",
> > "arguments": {
> > "qom-type": "authz-simple",
> > "id": "authz0",
> > "parameters": {
> > "identity": "fred"
> > }
> > }
> > }
> >
> > Or via the command line
> >
> > -object authz-simple,id=authz0,identity=fred
> >
> > Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
>
> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> (a test would be trivial)
Yes, will add one
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2018-11-13 17:11 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-19 13:38 [Qemu-devel] [PATCH v6 00/11] Add a standard authorization framework Daniel P. Berrangé
2018-10-19 13:38 ` [Qemu-devel] [PATCH v6 01/11] util: add helper APIs for dealing with inotify in portable manner Daniel P. Berrangé
2018-11-07 18:08 ` Marc-André Lureau
2018-11-12 16:49 ` Daniel P. Berrangé
2018-10-19 13:38 ` [Qemu-devel] [PATCH v6 02/11] qom: don't require user creatable objects to be registered Daniel P. Berrangé
2018-11-07 18:09 ` Marc-André Lureau
2018-10-19 13:38 ` [Qemu-devel] [PATCH v6 03/11] hw/usb: don't set IN_ISDIR for inotify watch in MTP driver Daniel P. Berrangé
2018-11-07 18:10 ` Marc-André Lureau
2018-10-19 13:38 ` [Qemu-devel] [PATCH v6 04/11] hw/usb: fix const-ness for string params " Daniel P. Berrangé
2018-11-07 18:11 ` Marc-André Lureau
2018-10-19 13:38 ` [Qemu-devel] [PATCH v6 05/11] hw/usb: switch MTP to use new inotify APIs Daniel P. Berrangé
2018-11-07 18:26 ` Marc-André Lureau
2018-11-13 17:07 ` Daniel P. Berrangé
2018-10-19 13:38 ` [Qemu-devel] [PATCH v6 06/11] authz: add QAuthZ object as an authorization base class Daniel P. Berrangé
2018-11-07 22:23 ` Marc-André Lureau
2018-10-19 13:38 ` [Qemu-devel] [PATCH v6 07/11] authz: add QAuthZSimple object type for easy whitelist auth checks Daniel P. Berrangé
2018-10-22 23:54 ` Philippe Mathieu-Daudé
2018-11-07 22:23 ` Marc-André Lureau
2018-11-13 17:11 ` Daniel P. Berrangé [this message]
2018-10-19 13:38 ` [Qemu-devel] [PATCH v6 08/11] authz: add QAuthZList object type for an access control list Daniel P. Berrangé
2018-10-23 10:18 ` Philippe Mathieu-Daudé
2018-11-07 22:23 ` Marc-André Lureau
2018-11-07 22:38 ` Eric Blake
2018-11-13 17:29 ` Daniel P. Berrangé
2018-11-08 8:18 ` Marc-André Lureau
2018-10-19 13:38 ` [Qemu-devel] [PATCH v6 09/11] authz: add QAuthZListFile object type for a file " Daniel P. Berrangé
2018-10-22 23:56 ` Philippe Mathieu-Daudé
2018-11-07 22:23 ` Marc-André Lureau
2018-11-15 10:33 ` Daniel P. Berrangé
2018-10-19 13:38 ` [Qemu-devel] [PATCH v6 10/11] authz: add QAuthZPAM object type for authorizing using PAM Daniel P. Berrangé
2018-11-07 22:23 ` Marc-André Lureau
2018-11-15 10:32 ` Daniel P. Berrangé
2018-10-19 13:38 ` [Qemu-devel] [PATCH v6 11/11] authz: delete existing ACL implementation Daniel P. Berrangé
2018-10-23 11:14 ` Philippe Mathieu-Daudé
2018-11-08 8:15 ` Marc-André Lureau
2018-11-14 16:45 ` Daniel P. Berrangé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181113171112.GK14591@redhat.com \
--to=berrange@redhat.com \
--cc=armbru@redhat.com \
--cc=dgilbert@redhat.com \
--cc=kraxel@redhat.com \
--cc=marcandre.lureau@gmail.com \
--cc=philmd@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).