https://bugzilla.redhat.com/show_bug.cgi?id=1611320 Generation of the ACL API policy is a "automated process" based on this perl script which "worked" with the changes to add nwfilter binding API's because they had the "nwfilter" prefix; however, the generated output name was incorrect based on the remote protocol algorithm which expected to generate names such as 'nwfilter-binding.action' instead of 'nwfilter.binding-action'. This effectively changes src/access/org.libvirt.api.policy entries: org.libvirt.api.nwfilter.binding-create ==> org.libvirt.api.nwfilter-binding.create org.libvirt.api.nwfilter.binding-delete ==> org.libvirt.api.nwfilter-binding.delete org.libvirt.api.nwfilter.binding-getattr ==> org.libvirt.api.nwfilter-binding.getattr org.libvirt.api.nwfilter.binding-read ==> org.libvirt.api.nwfilter-binding.read Signed-off-by: John Ferlan <jferlan(a)redhat.com&gt; --- If someone can explain better exactly what is happening in this processing, I'd be more than willing to update the commit message. I'm sure my wording isn't "precise" enough, but I feel like I hit the lottery finding this needle in the haystack. src/access/genpolkit.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/access/genpolkit.pl b/src/access/genpolkit.pl index 968cb8c55c..e074c90eb6 100755 --- a/src/access/genpolkit.pl +++ b/src/access/genpolkit.pl @@ -22,8 +22,8 @@ use warnings; my @objects = ( "CONNECT", "DOMAIN", "INTERFACE", - "NETWORK","NODE_DEVICE", "NWFILTER", - "SECRET", "STORAGE_POOL", "STORAGE_VOL", + "NETWORK","NODE_DEVICE", "NWFILTER_BINDING", "NWFILTER", + "SECRET", "STORAGE_POOL", "STORAGE_VOL", ); my $objects = join ("|", @objects); -- 2.17.1