On Fri, Sep 04, 2015 at 14:19:09 +0200, Jiri Denemark wrote:
Creating ACL rules is not exactly easy and existing examples are pretty simple. This patch adds a somewhat complex example which defines several roles. Admins can do everything, operators can do basic operations on any domain and several groups of users who act as operators but only on a limited set of domains.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> --- Makefile.am | 2 +- configure.ac | 1 + examples/polkit/Makefile.am | 17 ++++++ examples/polkit/libvirt-acl.rules | 115 ++++++++++++++++++++++++++++++++++++++ libvirt.spec.in | 3 + 5 files changed, 137 insertions(+), 1 deletion(-) create mode 100644 examples/polkit/Makefile.am create mode 100644 examples/polkit/libvirt-acl.rules
Consider the following addition to aclpolkit.html squashed in: diff --git i/docs/aclpolkit.html.in w/docs/aclpolkit.html.in index e5a9b16..dae0814 100644 --- i/docs/aclpolkit.html.in +++ w/docs/aclpolkit.html.in @@ -348,6 +348,12 @@ <code>lookup</code> method. </p> + <p> + See + <a href="http://libvirt.org/git/?p=libvirt.git;a=tree;f=examples/polkit;hb=HEAD">source code</a> + for a more complex example. + </p> + <h3><a name="exconnect">Example: restricting ability to connect to drivers</a></h3> <p> Jirka