On Tue, Mar 22, 2016 at 10:33:42AM -0600, Eric Blake wrote: > On 03/10/2016 11:59 AM, Daniel P. Berrange wrote: > > The current qemu_acl module provides a simple access control > > list facility inside QEMU, which is used via a set of monitor > > commands acl_show, acl_policy, acl_add, acl_remove & acl_reset. > > > > Note there is no ability to create ACLs - the network services > > (eg VNC server) were expected to create ACLs that they want to > > check. > > > > There is also no way to define ACLs on the command line, nor > > potentially integrate with external authorization systems like > > polkit, pam, ldap lookup, etc. > > > > The QAuthZ object defines a minimal abstract QOM class that can > > be subclassed for creating different authorization providers. > > > > Signed-off-by: Daniel P. Berrange <berra...@redhat.com> > > --- > > > +++ b/include/qemu/authz.h > > + > > +/** > > + * QAuthZ: > > + * > > + * The QAuthZ class defines an API contract to be used > > + * for providing an authorization driver for network > > + * services. > > Just network services? Or is it broader than that?
Any service that requires authentication. It is actually nothing specific to networking Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|