mirror of
https://gitlab.com/qemu-project/qemu
synced 2024-10-14 23:13:30 +00:00
000194556b
As with the previous patch to qemu-nbd, the nbd-server-start QMP command also needs to be able to specify authorization when enabling TLS encryption. First the client must create a QAuthZ object instance using the 'object-add' command: { 'execute': 'object-add', 'arguments': { 'qom-type': 'authz-list', 'id': 'authz0', 'parameters': { 'policy': 'deny', 'rules': [ { 'match': '*CN=fred', 'policy': 'allow' } ] } } } They can then reference this in the new 'tls-authz' parameter when executing the 'nbd-server-start' command: { 'execute': 'nbd-server-start', 'arguments': { 'addr': { 'type': 'inet', 'host': '127.0.0.1', 'port': '9000' }, 'tls-creds': 'tls0', 'tls-authz': 'authz0' } } Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <20190227162035.18543-3-berrange@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com> |
||
---|---|---|
.. | ||
authz.json | ||
block-core.json | ||
block.json | ||
char.json | ||
common.json | ||
crypto.json | ||
introspect.json | ||
job.json | ||
Makefile.objs | ||
migration.json | ||
misc.json | ||
net.json | ||
opts-visitor.c | ||
qapi-clone-visitor.c | ||
qapi-dealloc-visitor.c | ||
qapi-schema.json | ||
qapi-util.c | ||
qapi-visit-core.c | ||
qmp-dispatch.c | ||
qmp-event.c | ||
qmp-registry.c | ||
qobject-input-visitor.c | ||
qobject-output-visitor.c | ||
rdma.json | ||
rocker.json | ||
run-state.json | ||
sockets.json | ||
string-input-visitor.c | ||
string-output-visitor.c | ||
target.json | ||
tpm.json | ||
trace-events | ||
trace.json | ||
transaction.json | ||
ui.json |