https://bugzilla.redhat.com/show_bug.cgi?id=1611320
Generation of the ACL API policy is a "automated process"
based on this perl script which "worked" with the changes to
add nwfilter binding API's because they had the "nwfilter"
prefix; however, the generated output name was incorrect
based on the remote protocol algorithm which expected to
generate names such as 'nwfilter-binding.action' instead
of 'nwfilter.binding-action'.
This effectively changes src/access/org.libvirt.api.policy entries:
org.libvirt.api.nwfilter.binding-create ==>
org.libvirt.api.nwfilter-binding.create
org.libvirt.api.nwfilter.binding-delete ==>
org.libvirt.api.nwfilter-binding.delete
org.libvirt.api.nwfilter.binding-getattr ==>
org.libvirt.api.nwfilter-binding.getattr
org.libvirt.api.nwfilter.binding-read ==>
org.libvirt.api.nwfilter-binding.read
Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This is particularly useful on operating systems that don't ship
Perl as part of the base system (eg. FreeBSD) while still working
just as well as it did before on Linux.
In one case (src/rpc/genprotocol.pl) the interpreter path was
missing altogether.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Add an access control driver that uses the pkcheck command
to check authorization requests. This is fairly inefficient,
particularly for cases where an API returns a list of objects
and needs to check permission for each object.
It would be desirable to use the polkit API but this links
to glib with abort-on-OOM behaviour, so can't be used. The
other alternative is to speak to dbus directly
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
