On Fri, Oct 19, 2018 at 11:56:00AM +0200, Philippe Mathieu-Daudé wrote:
> On 09/10/2018 15:04, Daniel P. Berrangé wrote:
> > In many cases a single VM will just need to whitelist a single identity
> > as the allowed user of network services. This is especially the case for
> > TLS live migration (optionally with NBD storage) where we just need to
> > whitelist the x509 certificate distinguished name of the source QEMU
> > host.
> >
> > Via QMP this can be configured with:
> >
> >   {
> >     "execute": "object-add",
> >     "arguments": {
> >       "qom-type": "authz-simple",
> >       "id": "authz0",
> >       "parameters": {
> >         "identity": "fred"
> >       }
> >     }
> >   }
> >
> > Or via the command line
> >
> >   -object authz-simple,id=authz0,identity=fred
> >
> > Signed-off-by: Daniel P. Berrange <berra...@redhat.com>
> > ---
> >  authz/Makefile.objs | 1 +
> >  authz/simple.c | 122 +++++++++++++++++++++++++++++++++++++++++
> >  authz/trace-events | 3 +
> >  include/authz/simple.h | 84 ++++++++++++++++++++++++++++
> >  qemu-options.hx | 21 +++++++
> >  5 files changed, 231 insertions(+)
> >  create mode 100644 authz/simple.c
> >  create mode 100644 include/authz/simple.h
> > +static void > > +qauthz_simple_prop_set_identity(Object *obj, > > + const char *value, > > + Error **errp G_GNUC_UNUSED) > > +{ > > + QAuthZSimple *authz = QAUTHZ_SIMPLE(obj); > > + > > Hmm don't this miss: > > g_free(authz->identity); > > > + authz->identity = g_strdup(value); > > +} Yes, will squash that in Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
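
Review bot: in qauthz_simple_prop_set_identity() the assignment authz->identity = g_strdup(value); overwrites the pointer without releasing the previous string, so each repeated set of the identity property leaks the old value. Add g_free(authz->identity); immediately before the g_strdup() call, as raised in the review reply quoted above. Separately, errp is marked G_GNUC_UNUSED and value is stored without any check, so an empty identity string is accepted as written; if an empty identity should never be a valid whitelist entry, reject it here and report it through errp instead of leaving the parameter unused.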