From: John Ferlan
To: libvir-list@redhat.com
Date: Mon, 15 Oct 2018 10:26:34 -0400
Message-Id: <20181015142634.26205-3-jferlan@redhat.com>
In-Reply-To: <20181015142634.26205-1-jferlan@redhat.com>
Subject: [libvirt] [PATCH 2/2] docs: Enhance polkit documentation to describe secondary connection

https://bugzilla.redhat.com/show_bug.cgi?id=1631608

Since commit 8259255 usage of a primary connection driver for a virConnect has been modified to open (virConnectOpen) and use a connection to the specific driver in order to handle the API calls to/for that driver. This causes some confusion and issues for ACL polkit rule scripts to know exactly which driver by name will be used. Add some documentation describing the processing of the primary and secondary connection as well as the list of the connect_driver names used for each driver.

Signed-off-by: John Ferlan

--- docs/aclpolkit.html.in | 117 +++++++++++++++++++++++++++++++++++++++++ docs/libvirt.css | 1 + 2 files changed, 118 insertions(+) diff --git a/docs/aclpolkit.html.in b/docs/aclpolkit.html.in index ee00b98461..ac54f125da 100644 --- a/docs/aclpolkit.html.in +++ b/docs/aclpolkit.html.in @@ -287,6 +287,123 @@ =20 +

Hypervisor Driver connect_driver

+

+ The connect_driver parameter describes the + client's remote Connection Driver + name based on the URI used for the + connection. +

+

+ Since 4.1.0, when calling an API + outside the scope of the primary connection driver, the + primary driver will attempt to open a secondary connection + to the specific API driver in order to process the API. For + example, when hypervisor domain processing needs to make an + API call within the storage driver or the network filter driver + an attempt to open a connection to the "storage" or "nwfilter" + driver will be made. Similarly, a "storage" primary connection + may need to create a connection to the "secret" driver in order + to process secrets for the API. If successful, then calls to + those API's will occur in the connect_driver context + of the secondary connection driver rather than in the context of + the primary driver. This affects the connect_driver + returned from rule generation from the action.loookup + function. The following table provides a list of the various + connection drivers and the connect_driver name + used by each regardless of primary or secondary connection. + The access denied error message from libvirt will list the + connection driver by name that denied the access. +

+ +

Connection Driver Name

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Connection Driverconnect_driver name
bhyvebhyve
esxESX
hypervHyper-V
interfaceinterface
libxlxenlight
lxcLXC
networknetwork
nodedevnodedev
nwfilterNWFilter
openvzOPENVZ
phypPHYP
qemuQEMU
secretsecret
storagestorage
umlUML
vboxVBOX
vmwareVMWARE
vzvz
xenapiXenAPI
+ =20

User identity attributes

=20 diff --git a/docs/libvirt.css b/docs/libvirt.css index b2ed33926a..e590b33cfb 100644 --- a/docs/libvirt.css +++ b/docs/libvirt.css @@ -393,6 +393,7 @@ table.acl { =20 table.acl tr, table.acl td { padding: 0.3em; + border: 1px solid #ccc; } =20 table.acl thead { --=20 2.17.2
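
Review bot: the new paragraph in docs/aclpolkit.html.in spells the polkit accessor as "action.loookup" (three o's); it should be "action.lookup", since readers will copy that name into their rule scripts. In the same paragraph "those API's" should read "those APIs". The table lists the connect_driver values in mixed case (QEMU, xenlight, Hyper-V, NWFilter, secret), so the text should also say that a rule has to compare against the string exactly as listed; a rule written against "qemu" or "nwfilter" would never match and the access decision would fall through to whatever the default is.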
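
Review bot: in docs/libvirt.css the border is added to the shared selector "table.acl tr, table.acl td", so it restyles every table.acl table in the docs and not only the new connect_driver table, and the commit message says nothing about a styling change. Either mention it in the commit message or split it into its own patch. Also check that the rule on tr does anything: borders on table rows are ignored unless the table uses border-collapse: collapse, which the visible context lines do not show, so "table.acl td" alone (plus th if the header row should be boxed) may be the intended target.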