We have been grouping network-port and nwfilter-binding permissions
under virNetworkPtr and virNWFilterPtr respectively.
Add the two missing classes that were matched because they contain
a substring of others.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
docs/genaclperms.pl | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docs/genaclperms.pl b/docs/genaclperms.pl
index d878321a90..34c526021c 100755
--- a/docs/genaclperms.pl
+++ b/docs/genaclperms.pl
@@ -22,7 +22,8 @@ use warnings;
my @objects = (
"CONNECT", "DOMAIN", "INTERFACE",
- "NETWORK","NODE_DEVICE", "NWFILTER",
+ "NETWORK_PORT", "NETWORK", "NODE_DEVICE",
+ "NWFILTER_BINDING", "NWFILTER",
"SECRET", "STORAGE_POOL", "STORAGE_VOL",
);
--
2.20.1
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-listOn Thu, Jun 27, 2019 at 05:44:34PM +0200, Ján Tomko wrote:
>We have been grouping network-port and nwfilter-binding permissions
>under virNetworkPtr and virNWFilterPtr respectively.
>
>Add the two missing classes that were matched because they contain
>a substring of others.
>
>Signed-off-by: Ján Tomko <jtomko@redhat.com>
>---
> docs/genaclperms.pl | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
After this patch we no longer say that a network has a port-create
permisison, but show 'create' as a permission of the network port:
$ diff -u docs/aclperms.htmlinc.before docs/aclperms.htmlinc
--- docs/aclperms.htmlinc.before 2019-07-01 15:51:04.588081150 +0200
+++ docs/aclperms.htmlinc 2019-07-01 15:51:26.317082311 +0200
@@ -257,26 +257,6 @@
<td>Access network</td>
</tr>
<tr>
- <td><a name="perm_network_port_create">port-create</a></td>
- <td>Create network port</td>
- </tr>
- <tr>
- <td><a name="perm_network_port_delete">port-delete</a></td>
- <td>Delete network port</td>
- </tr>
- <tr>
- <td><a name="perm_network_port_getattr">port-getattr</a></td>
- <td>Access network port</td>
- </tr>
- <tr>
- <td><a name="perm_network_port_read">port-read</a></td>
- <td>Read network port</td>
- </tr>
- <tr>
- <td><a name="perm_network_port_write">port-write</a></td>
- <td>Read network port</td>
- </tr>
- <tr>
<td><a name="perm_network_read">read</a></td>
<td>Read network</td>
</tr>
@@ -302,6 +282,37 @@
</tr>
</tbody>
</table>
+<h3><a name="object_network_port">virNetworkPortPtr</a></h3>
+<table class="acl">
+ <thead>
+ <tr>
+ <th>Permission</th>
+ <th>Description</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td><a name="perm_network_port_create">create</a></td>
+ <td>Create network port</td>
+ </tr>
+ <tr>
+ <td><a name="perm_network_port_delete">delete</a></td>
+ <td>Delete network port</td>
+ </tr>
+ <tr>
+ <td><a name="perm_network_port_getattr">getattr</a></td>
+ <td>Access network port</td>
+ </tr>
+ <tr>
+ <td><a name="perm_network_port_read">read</a></td>
+ <td>Read network port</td>
+ </tr>
+ <tr>
+ <td><a name="perm_network_port_write">write</a></td>
+ <td>Read network port</td>
+ </tr>
+ </tbody>
+</table>
<h3><a name="object_node_device">virNodeDevicePtr</a></h3>
<table class="acl">
<thead>
@@ -347,22 +358,6 @@
</thead>
<tbody>
<tr>
- <td><a name="perm_nwfilter_binding_create">binding-create</a></td>
- <td>Create network filter binding</td>
- </tr>
- <tr>
- <td><a name="perm_nwfilter_binding_delete">binding-delete</a></td>
- <td>Delete network filter binding</td>
- </tr>
- <tr>
- <td><a name="perm_nwfilter_binding_getattr">binding-getattr</a></td>
- <td>Access network filter</td>
- </tr>
- <tr>
- <td><a name="perm_nwfilter_binding_read">binding-read</a></td>
- <td>Read network filter binding</td>
- </tr>
- <tr>
<td><a name="perm_nwfilter_delete">delete</a></td>
<td>Delete network filter</td>
</tr>
@@ -384,6 +379,33 @@
</tr>
</tbody>
</table>
+<h3><a name="object_nwfilter_binding">virNWFilterBindingPtr</a></h3>
+<table class="acl">
+ <thead>
+ <tr>
+ <th>Permission</th>
+ <th>Description</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td><a name="perm_nwfilter_binding_create">create</a></td>
+ <td>Create network filter binding</td>
+ </tr>
+ <tr>
+ <td><a name="perm_nwfilter_binding_delete">delete</a></td>
+ <td>Delete network filter binding</td>
+ </tr>
+ <tr>
+ <td><a name="perm_nwfilter_binding_getattr">getattr</a></td>
+ <td>Access network filter</td>
+ </tr>
+ <tr>
+ <td><a name="perm_nwfilter_binding_read">read</a></td>
+ <td>Read network filter binding</td>
+ </tr>
+ </tbody>
+</table>
<h3><a name="object_secret">virSecretPtr</a></h3>
<table class="acl">
<thead>
Jano
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
On Mon, 2019-07-01 at 15:53 +0200, Ján Tomko wrote: > On Thu, Jun 27, 2019 at 05:44:34PM +0200, Ján Tomko wrote: > > We have been grouping network-port and nwfilter-binding permissions > > under virNetworkPtr and virNWFilterPtr respectively. > > > > Add the two missing classes that were matched because they contain > > a substring of others. > > > > Signed-off-by: Ján Tomko <jtomko@redhat.com> > > --- > > docs/genaclperms.pl | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > After this patch we no longer say that a network has a port-create > permisison, but show 'create' as a permission of the network port: Thanks for explaining the consequences of this change! Reviewed-by: Andrea Bolognani <abologna@redhat.com> -- Andrea Bolognani / Red Hat / Virtualization -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
© 2016 - 2026 Red Hat, Inc.