[libvirt] [PATCH v3 0/6] Add authorization support to all network services
v1: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg04482.html
v2: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg05727.html
This series builds on the core authorization framework:
v5: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg01613.html
enabling its use with the VNC, chardev, NBD and migration network servers.
In combination with TLS x509 client certificates, this allows these
services to whitelist specific clients, which avoids the need to setup
restricted child certificate authorities.
In VNC it also allows whitelisting based on SASL user names.
Changed in v3:
- Rebased to latest git master
Changed in v2:
- Document that authz objects are resolved at time of use, not
time of network service activation
- Improve docs for tls-authz parameters on services
- Fix 2.13 -> 3.0 version tags
- Remove redundant conditionals around g_strdup
- Fix arg syntax for qemu-nbd s/-/--/
- Remove QAPI (optional) annotation
- Fix some outdated usage example
Based-on: <20181009130442.26296-1-berrange(a)redhat.com>
Daniel P. Berrangé (6):
qemu-nbd: add support for authorization of TLS clients
nbd: allow authorization with nbd-server-start QMP command
migration: add support for a "tls-authz" migration parameter
chardev: add support for authorization for TLS clients
vnc: allow specifying a custom authorization object name
monitor: deprecate acl_show, acl_reset, acl_policy, acl_add,
acl_remove
blockdev-nbd.c | 11 +++++---
chardev/char-socket.c | 11 +++++++-
chardev/char.c | 3 +++
hmp.c | 11 +++++++-
include/block/nbd.h | 4 +--
migration/migration.c | 8 ++++++
migration/tls.c | 2 +-
monitor.c | 23 +++++++++++++++++
nbd/server.c | 10 ++++----
qapi/block.json | 8 +++++-
qapi/char.json | 6 +++++
qapi/migration.json | 14 ++++++++++-
qemu-deprecated.texi | 11 ++++++++
qemu-nbd.c | 13 +++++++++-
qemu-nbd.texi | 4 +++
qemu-options.hx | 44 +++++++++++++++++++++++---------
ui/vnc.c | 58 ++++++++++++++++++++++++++++++++++++-------
17 files changed, 204 insertions(+), 37 deletions(-)
--
2.17.1