On Fri, Sep 04, 2015 at 13:26:17 +0100, Daniel P. Berrange wrote: > On Fri, Sep 04, 2015 at 02:19:09PM +0200, Jiri Denemark wrote: > > Creating ACL rules is not exactly easy and existing examples are pretty > > simple. This patch adds a somewhat complex example which defines several > > roles. Admins can do everything, operators can do basic operations > > on any domain and several groups of users who act as operators but only > > on a limited set of domains. > > > > Signed-off-by: Jiri Denemark <jdenemar@xxxxxxxxxx> > > --- > > Makefile.am | 2 +- > > configure.ac | 1 + > > examples/polkit/Makefile.am | 17 ++++++ > > examples/polkit/libvirt-acl.rules | 115 ++++++++++++++++++++++++++++++++++++++ > > libvirt.spec.in | 3 + > > 5 files changed, 137 insertions(+), 1 deletion(-) > > create mode 100644 examples/polkit/Makefile.am > > create mode 100644 examples/polkit/libvirt-acl.rules > > > > diff --git a/Makefile.am b/Makefile.am > > index 91b943b..d338d5a 100644 > > --- a/Makefile.am > > +++ b/Makefile.am > > @@ -23,7 +23,7 @@ SUBDIRS = . gnulib/lib include src daemon tools docs gnulib/tests \ > > tests po examples/object-events examples/hellolibvirt \ > > examples/dominfo examples/domsuspend examples/apparmor \ > > examples/xml/nwfilter examples/openauth examples/systemtap \ > > - tools/wireshark examples/dommigrate \ > > + tools/wireshark examples/dommigrate examples/polkit \ > > examples/lxcconvert examples/domtop > > > > ACLOCAL_AMFLAGS = -I m4 > > diff --git a/configure.ac b/configure.ac > > index 8471a46..136c2e7 100644 > > --- a/configure.ac > > +++ b/configure.ac > > @@ -2809,6 +2809,7 @@ AC_CONFIG_FILES([\ > > examples/systemtap/Makefile \ > > examples/xml/nwfilter/Makefile \ > > examples/lxcconvert/Makefile \ > > + examples/polkit/Makefile \ > > tools/wireshark/Makefile \ > > tools/wireshark/src/Makefile]) > > AC_OUTPUT > > diff --git a/examples/polkit/Makefile.am b/examples/polkit/Makefile.am > > new file mode 100644 > > index 0000000..4d213e8 > > --- /dev/null > > +++ b/examples/polkit/Makefile.am > > @@ -0,0 +1,17 @@ > > +## Copyright (C) 2015 Red Hat, Inc. > > +## > > +## This library is free software; you can redistribute it and/or > > +## modify it under the terms of the GNU Lesser General Public > > +## License as published by the Free Software Foundation; either > > +## version 2.1 of the License, or (at your option) any later version. > > +## > > +## This library is distributed in the hope that it will be useful, > > +## but WITHOUT ANY WARRANTY; without even the implied warranty of > > +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > > +## Lesser General Public License for more details. > > +## > > +## You should have received a copy of the GNU Lesser General Public > > +## License along with this library. If not, see > > +## <http://www.gnu.org/licenses/>. > > + > > +EXTRA_DIST = libvirt-acl.rules > > diff --git a/examples/polkit/libvirt-acl.rules b/examples/polkit/libvirt-acl.rules > > new file mode 100644 > > index 0000000..5c26593 > > --- /dev/null > > +++ b/examples/polkit/libvirt-acl.rules > > @@ -0,0 +1,115 @@ > > > It would be beneficial to put some docs in this file header here > to explain to people what this example is achieving. ... > ACK Thanks, I added the documentation and pushed this patch. Jirka -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list