Revision 15dfcd45 qemu-monitor.hx
b/qemu-monitor.hx | ||
---|---|---|
569 | 569 |
Change watchdog action. |
570 | 570 |
ETEXI |
571 | 571 |
|
572 |
{ "acl", "sss?i?", do_acl, "<command> <aclname> [<match> [<index>]]\n", |
|
573 |
"acl show vnc.username\n" |
|
574 |
"acl policy vnc.username deny\n" |
|
575 |
"acl allow vnc.username fred\n" |
|
576 |
"acl deny vnc.username bob\n" |
|
577 |
"acl reset vnc.username\n" }, |
|
572 |
{ "acl_show", "s", do_acl_show, "aclname", |
|
573 |
"list rules in the access control list" }, |
|
578 | 574 |
STEXI |
579 |
@item acl @var{subcommand} @var{aclname} @var{match} @var{index}
|
|
580 |
|
|
581 |
Manage access control lists for network services. There are currently
|
|
582 |
two named access control lists, @var{vnc.x509dname} and @var{vnc.username}
|
|
583 |
matching on the x509 client certificate distinguished name, and SASL
|
|
584 |
username respectively.
|
|
575 |
@item acl_show @var{aclname}
|
|
576 |
List all the matching rules in the access control list, and the default |
|
577 |
policy. There are currently two named access control lists,
|
|
578 |
@var{vnc.x509dname} and @var{vnc.username} matching on the x509 client
|
|
579 |
certificate distinguished name, and SASL username respectively.
|
|
580 |
ETEXI
|
|
585 | 581 |
|
586 |
@table @option |
|
587 |
@item acl show <aclname> |
|
588 |
list all the match rules in the access control list, and the default |
|
589 |
policy |
|
590 |
@item acl policy <aclname> @code{allow|deny} |
|
591 |
set the default access control list policy, used in the event that |
|
582 |
{ "acl_policy", "ss", do_acl_policy, "aclname allow|deny", |
|
583 |
"set default access control list policy" }, |
|
584 |
STEXI |
|
585 |
@item acl_policy @var{aclname] @code{allow|deny} |
|
586 |
Set the default access control list policy, used in the event that |
|
592 | 587 |
none of the explicit rules match. The default policy at startup is |
593 |
always @code{deny} |
|
594 |
@item acl allow <aclname> <match> [<index>] |
|
595 |
add a match to the access control list, allowing access. The match will |
|
596 |
normally be an exact username or x509 distinguished name, but can |
|
597 |
optionally include wildcard globs. eg @code{*@@EXAMPLE.COM} to allow |
|
598 |
all users in the @code{EXAMPLE.COM} kerberos realm. The match will |
|
599 |
normally be appended to the end of the ACL, but can be inserted |
|
600 |
earlier in the list if the optional @code{index} parameter is supplied. |
|
601 |
@item acl deny <aclname> <match> [<index>] |
|
602 |
add a match to the access control list, denying access. The match will |
|
603 |
normally be an exact username or x509 distinguished name, but can |
|
604 |
optionally include wildcard globs. eg @code{*@@EXAMPLE.COM} to allow |
|
605 |
all users in the @code{EXAMPLE.COM} kerberos realm. The match will |
|
588 |
always @code{deny}. |
|
589 |
ETEXI |
|
590 |
|
|
591 |
{ "acl_add", "sssi?", do_acl_add, "aclname match allow|deny [index]", |
|
592 |
"add a match rule to the access control list" }, |
|
593 |
STEXI |
|
594 |
@item acl_allow @var{aclname} @var{match} @code{allow|deny} [@var{index}] |
|
595 |
Add a match rule to the access control list, allowing or denying access. |
|
596 |
The match will normally be an exact username or x509 distinguished name, |
|
597 |
but can optionally include wildcard globs. eg @code{*@@EXAMPLE.COM} to |
|
598 |
allow all users in the @code{EXAMPLE.COM} kerberos realm. The match will |
|
606 | 599 |
normally be appended to the end of the ACL, but can be inserted |
607 |
earlier in the list if the optional @code{index} parameter is supplied. |
|
608 |
@item acl remove <aclname> <match> |
|
609 |
remove the specified match rule from the access control list. |
|
610 |
@item acl reset <aclname> |
|
611 |
remove all matches from the access control list, and set the default |
|
600 |
earlier in the list if the optional @var{index} parameter is supplied. |
|
601 |
ETEXI |
|
602 |
|
|
603 |
{ "acl_remove", "ss", do_acl_remove, "aclname match", |
|
604 |
"remove a match rule from the access control list" }, |
|
605 |
STEXI |
|
606 |
@item acl_remove @var{aclname} @var{match} |
|
607 |
Remove the specified match rule from the access control list. |
|
608 |
ETEXI |
|
609 |
|
|
610 |
{ "acl_reset", "s", do_acl_reset, "aclname", |
|
611 |
"reset the access control list" }, |
|
612 |
STEXI |
|
613 |
@item acl_remove @var{aclname} @var{match} |
|
614 |
Remove all matches from the access control list, and set the default |
|
612 | 615 |
policy back to @code{deny}. |
613 |
@end table |
|
614 | 616 |
ETEXI |
615 | 617 |
|
616 | 618 |
STEXI |
Also available in: Unified diff