xenbits.xensource.com Git - libvirt.git/commit

author	Daniel P. Berrange <berrange@redhat.com>
	Thu, 18 Apr 2013 11:08:47 +0000 (12:08 +0100)
committer	Daniel P. Berrange <berrange@redhat.com>
	Mon, 24 Jun 2013 14:24:36 +0000 (15:24 +0100)
commit	e341435e5090677c67a0d3d4ca0393102054841f
tree	9cc4da1febf3c834f6675aa6ce7de1bbbb5c3aba	tree
parent	b904bba7f4b48538fcd710dc27f96cc59b223473	commit \| diff

Add ACL annotations to all RPC messages

Introduce annotations to all RPC messages to declare what
access control checks are required. There are two new
annotations defined:

@acl: <object>:<permission>
@acl: <object>:<permission>:<flagname>

  Declare the access control requirements for the API. May be repeated
  multiple times, if multiple rules are required.

    <object> is one of 'connect', 'domain', 'network', 'storagepool',
             'interface', 'nodedev', 'secret'.
    <permission> is one of the permissions in access/viraccessperm.h
    <flagname> indicates the rule only applies if the named flag
    is set in the API call

@aclfilter: <object>:<permission>

  Declare an access control filter that will be applied to a list
  of objects being returned by an API. This allows the returned
  list to be filtered to only show those the user has permissions
  against

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

src/locking/lock_protocol.x		diff \| blob \| blame \| history
src/remote/lxc_protocol.x		diff \| blob \| blame \| history
src/remote/qemu_protocol.x		diff \| blob \| blame \| history
src/remote/remote_protocol.x		diff \| blob \| blame \| history
src/rpc/gendispatch.pl		diff \| blob \| blame \| history