
[libvirt] [Patch][RFC] Example policy files (3/3)



The policy checker uses two files.  Role_definition.xml defines which
VMs a role may manage and which operations it may perform on them.
User_definition.xml defines which roles are available to a user.
Operations are currently represented by numbers.  They are defined in
src/xr_internal.h in the libvirt part, though this is hardly readable.




<?xml version="1.0" ?>
<!--
  Example role definition for the policy checker. Each Role carries a
  PolicyID, a ManageVM scope and a ControlOperation/Accept list of the
  operations the role may invoke.

  Operation ids are bare numbers. According to the accompanying message they
  are defined in src/xr_internal.h, so auditing a grant means reading this
  file side by side with that header.
  NOTE(review): a renumbering in the header would presumably change what
  these ids grant without any change to this file; confirm how the two are
  kept in sync.
  NOTE(review): only Accept lists appear here. Presumably an operation that
  is not listed is refused; confirm the checker is default-deny.
  NOTE(review): this file decides what each role can do, so write access to
  it should be restricted; the message does not say where it is installed or
  with which permissions.
-->
<RolePolicyDefinition>
  <RolePolicyHeader>
    <!-- NOTE(review): not clear from this file whether Version is the file
         format version or the revision of this policy; confirm. -->
    <Version>2.0</Version>
  </RolePolicyHeader>
  <RoleDefinition>
    <!-- UserAdmin: scope type="whole" names no individual VM (presumably
         every VM; confirm). A single operation, id 16, is accepted. -->
    <Role name="UserAdmin">
      <PolicyID id="ee6b8747-8789-445e-a660-2e1ee034930e"/>
      <ManageVM type="whole"/>
      <ControlOperation>
        <Accept>
          <operation id="16"/>
        </Accept>
      </ControlOperation>
    </Role>
    <!-- PolicyAdmin: same scope and same accepted operation as UserAdmin;
         in this example the two roles differ only in name and PolicyID. -->
    <Role name="PolicyAdmin">
      <PolicyID id="607c3ecd-9765-4712-9b5b-18e818189564"/>
      <ManageVM type="whole"/>
      <ControlOperation>
        <Accept>
          <operation id="16"/>
        </Accept>
      </ControlOperation>
    </Role>
    <!-- HostOSManager: scope type="individual", limited to the one VM listed
         below. The VM is identified by name only in this file.
         NOTE(review): confirm how the checker treats a VM name that is later
         renamed or reused. -->
    <Role name="HostOSManager">
      <PolicyID id="719e3158-29e3-427e-b609-929a3064616f"/>
      <ManageVM type="individual">
        <VM name="Domain-0"/>
      </ManageVM>
      <ControlOperation>
        <!-- 18 operation ids are accepted for this role; their meaning has
             to be looked up in src/xr_internal.h. -->
        <Accept>
          <operation id="16"/>
          <operation id="17"/>
          <operation id="18"/>
          <operation id="19"/>
          <operation id="20"/>
          <operation id="21"/>
          <operation id="22"/>
          <operation id="23"/>
          <operation id="31"/>
          <operation id="33"/>
          <operation id="36"/>
          <operation id="37"/>
          <operation id="38"/>
          <operation id="39"/>
          <operation id="41"/>
          <operation id="61"/>
          <operation id="62"/>
          <operation id="63"/>
        </Accept>
      </ControlOperation>
    </Role>
  </RoleDefinition>
</RolePolicyDefinition>


<?xml version="1.0" ?>
<!--
  Example user definition for the policy checker: each User element binds a
  user name to a role through UserRole. The role values used here
  (UserAdmin, PolicyAdmin, HostOSManager) match the Role names in the
  example role definition.

  NOTE(review): how the checker treats a role value with no matching Role,
  or a caller with no User entry, is not shown; confirm both are refused.
  NOTE(review): how the name attribute is matched to the calling identity is
  not visible in this file; confirm against the checker.
  NOTE(review): this file decides which roles a user holds, so write access
  to it should be restricted; the message does not say where it is installed
  or with which permissions.
-->
<UserConfiguration>
  <User name="user-admin">
    <UserRole role="UserAdmin"/>
  </User>
  <User name="policy-admin">
    <UserRole role="PolicyAdmin"/>
  </User>
  <!-- In this example root holds only HostOSManager, whose scope in the
       example role definition is the single VM named Domain-0. -->
  <User name="root">
    <UserRole role="HostOSManager"/>
  </User>
</UserConfiguration>


