diff options
Diffstat (limited to 'qemu-monitor.hx')
| -rw-r--r-- | qemu-monitor.hx | 76 |
1 files changed, 39 insertions, 37 deletions
diff --git a/qemu-monitor.hx b/qemu-monitor.hx index a87530ca7c..aa29a91738 100644 --- a/qemu-monitor.hx +++ b/qemu-monitor.hx @@ -569,48 +569,50 @@ STEXI Change watchdog action. ETEXI - { "acl", "sss?i?", do_acl, "<command> <aclname> [<match> [<index>]]\n", - "acl show vnc.username\n" - "acl policy vnc.username deny\n" - "acl allow vnc.username fred\n" - "acl deny vnc.username bob\n" - "acl reset vnc.username\n" }, + { "acl_show", "s", do_acl_show, "aclname", + "list rules in the access control list" }, STEXI -@item acl @var{subcommand} @var{aclname} @var{match} @var{index} - -Manage access control lists for network services. There are currently -two named access control lists, @var{vnc.x509dname} and @var{vnc.username} -matching on the x509 client certificate distinguished name, and SASL -username respectively. +@item acl_show @var{aclname} +List all the matching rules in the access control list, and the default +policy. There are currently two named access control lists, +@var{vnc.x509dname} and @var{vnc.username} matching on the x509 client +certificate distinguished name, and SASL username respectively. +ETEXI -@table @option -@item acl show <aclname> -list all the match rules in the access control list, and the default -policy -@item acl policy <aclname> @code{allow|deny} -set the default access control list policy, used in the event that + { "acl_policy", "ss", do_acl_policy, "aclname allow|deny", + "set default access control list policy" }, +STEXI +@item acl_policy @var{aclname] @code{allow|deny} +Set the default access control list policy, used in the event that none of the explicit rules match. The default policy at startup is -always @code{deny} -@item acl allow <aclname> <match> [<index>] -add a match to the access control list, allowing access. The match will -normally be an exact username or x509 distinguished name, but can -optionally include wildcard globs. eg @code{*@@EXAMPLE.COM} to allow -all users in the @code{EXAMPLE.COM} kerberos realm. The match will -normally be appended to the end of the ACL, but can be inserted -earlier in the list if the optional @code{index} parameter is supplied. -@item acl deny <aclname> <match> [<index>] -add a match to the access control list, denying access. The match will -normally be an exact username or x509 distinguished name, but can -optionally include wildcard globs. eg @code{*@@EXAMPLE.COM} to allow -all users in the @code{EXAMPLE.COM} kerberos realm. The match will +always @code{deny}. +ETEXI + + { "acl_add", "sssi?", do_acl_add, "aclname match allow|deny [index]", + "add a match rule to the access control list" }, +STEXI +@item acl_allow @var{aclname} @var{match} @code{allow|deny} [@var{index}] +Add a match rule to the access control list, allowing or denying access. +The match will normally be an exact username or x509 distinguished name, +but can optionally include wildcard globs. eg @code{*@@EXAMPLE.COM} to +allow all users in the @code{EXAMPLE.COM} kerberos realm. The match will normally be appended to the end of the ACL, but can be inserted -earlier in the list if the optional @code{index} parameter is supplied. -@item acl remove <aclname> <match> -remove the specified match rule from the access control list. -@item acl reset <aclname> -remove all matches from the access control list, and set the default +earlier in the list if the optional @var{index} parameter is supplied. +ETEXI + + { "acl_remove", "ss", do_acl_remove, "aclname match", + "remove a match rule from the access control list" }, +STEXI +@item acl_remove @var{aclname} @var{match} +Remove the specified match rule from the access control list. +ETEXI + + { "acl_reset", "s", do_acl_reset, "aclname", + "reset the access control list" }, +STEXI +@item acl_remove @var{aclname} @var{match} +Remove all matches from the access control list, and set the default policy back to @code{deny}. -@end table ETEXI STEXI |