Files · fb5c4ebc0872e5f41634aec2f5a2cb5d83aefcd0 · Anton / libtcg

authz: add QAuthZSimple object type for easy whitelist auth checks

Daniel P. Berrangé authored 6 years ago

In many cases a single VM will just need to whitelist a single identity
as the allowed user of network services. This is especially the case for
TLS live migration (optionally with NBD storage) where we just need to
whitelist the x509 certificate distinguished name of the source QEMU
host.

Via QMP this can be configured with:

  {
    "execute": "object-add",
    "arguments": {
      "qom-type": "authz-simple",
      "id": "authz0",
      "props": {
        "identity": "fred"
      }
    }
  }

Or via the command line

  -object authz-simple,id=authz0,identity=fred

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

fb5c4ebc

History

fb5c4ebc 6 years ago

History

Name	Last commit	Last update
accel
audio
authz
backends
block
bsd-user
chardev
contrib
crypto
default-configs
disas
docs
fpu
fsdev
gdb-xml
hw
include
io
libdecnumber
linux-headers
linux-user
migration
nbd
net
pc-bios
po
qapi
qga
qobject
qom
replay
roms
scripts
scsi
slirp
stubs
target
tcg
tests
trace
ui
util
.cirrus.yml
.dir-locals.el
.editorconfig
.exrc
.gdbinit
.gitignore
.gitlab-ci.yml
.gitmodules
.gitpublish
.mailmap
.shippable.yml
.travis.yml
CODING_STYLE
COPYING
COPYING.LIB
Changelog
HACKING
LICENSE
MAINTAINERS
Makefile
Makefile.objs
Makefile.target
README
VERSION
arch_init.c
balloon.c
block.c
blockdev-nbd.c
blockdev.c
blockjob.c
bootdevice.c
bt-host.c
bt-vhci.c
configure
cpus-common.c
cpus.c
device-hotplug.c
device_tree.c
disas.c
dma-helpers.c
dump.c
exec.c
gdbstub.c
gitdm.config
hmp-commands-info.hx
hmp-commands.hx
hmp.c
hmp.h
ioport.c
iothread.c
job-qmp.c
job.c
memory.c
memory_ldst.inc.c
memory_mapping.c
module-common.c
monitor.c
numa.c

README