1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
|
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!--
This file is autogenerated from acl.html.in
Do not edit this file. Changes will be lost.
-->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" type="text/css" href="main.css" />
<link rel="SHORTCUT ICON" href="32favicon.png" />
<title>libvirt: Client access control</title>
<meta name="description" content="libvirt, virtualization, virtualization API" />
</head>
<body>
<div id="header">
<div id="headerLogo"></div>
<div id="headerSearch">
<form action="search.php" enctype="application/x-www-form-urlencoded" method="get"><div>
<input id="query" name="query" type="text" size="12" value="" />
<input id="submit" name="submit" type="submit" value="Search" />
</div></form>
</div>
</div>
<div id="body">
<div id="menu">
<ul class="l0"><li>
<div>
<a title="Front page of the libvirt website" class="inactive" href="index.html">Home</a>
</div>
</li><li>
<div>
<a title="Details of new features and bugs fixed in each release" class="inactive" href="news.html">News</a>
</div>
</li><li>
<div>
<a title="Applications known to use libvirt" class="inactive" href="apps.html">Applications</a>
</div>
</li><li>
<div>
<a title="Get the latest source releases, binary builds and get access to the source repository" class="inactive" href="downloads.html">Downloads</a>
</div>
</li><li>
<div>
<a title="Information for users, administrators and developers" class="active" href="docs.html">Documentation</a>
<ul class="l1"><li>
<div>
<a title="How to compile libvirt" class="inactive" href="compiling.html">Compiling</a>
</div>
</li><li>
<div>
<a title="Information about deploying and using libvirt" class="active" href="deployment.html">Deployment</a>
<ul class="l2"><li>
<div>
<a title="The URI formats used for connecting to libvirt" class="inactive" href="uri.html">URI format</a>
</div>
</li><li>
<div>
<a title="Enable remote access over TCP" class="inactive" href="remote.html">Remote access</a>
</div>
</li><li>
<div>
<a title="Configure authentication for the libvirt daemon" class="inactive" href="auth.html">Authentication</a>
</div>
</li><li>
<div>
<span class="active">Access control</span>
<ul class="l3"><li>
<div>
<a title="Using polkit for API access control" class="inactive" href="aclpolkit.html">Polkit access control</a>
</div>
</li></ul>
</div>
</li><li>
<div>
<a title="Migrating guests between machines" class="inactive" href="migration.html">Migration</a>
</div>
</li><li>
<div>
<a title="Access the libvirt daemon from a native Windows client" class="inactive" href="windows.html">Windows port</a>
</div>
</li><li>
<div>
<a title="The library and the daemon logging support" class="inactive" href="logging.html">Logging</a>
</div>
</li><li>
<div>
<a title="Audit trail logs for host operations" class="inactive" href="auditlog.html">Audit log</a>
</div>
</li><li>
<div>
<a title="Firewall and network filter configuration" class="inactive" href="firewall.html">Firewall</a>
</div>
</li><li>
<div>
<a title="Ensuring exclusive guest access to disks" class="inactive" href="locking.html">Disk locking</a>
</div>
</li><li>
<div>
<a title="Control groups integration" class="inactive" href="cgroups.html">CGroups</a>
</div>
</li><li>
<div>
<a title="Hooks for system specific management" class="inactive" href="hooks.html">Hooks</a>
</div>
</li></ul>
</div>
</li><li>
<div>
<a title="Overview of the logical subsystems in the libvirt API" class="inactive" href="intro.html">Architecture</a>
</div>
</li><li>
<div>
<a title="Description of the XML formats used in libvirt" class="inactive" href="format.html">XML format</a>
</div>
</li><li>
<div>
<a title="Hypervisor specific driver information" class="inactive" href="drivers.html">Drivers</a>
</div>
</li><li>
<div>
<a title="Reference manual for the C public API" class="inactive" href="html/index.html">API reference</a>
</div>
</li><li>
<div>
<a title="Bindings of the libvirt API for other languages" class="inactive" href="bindings.html">Language bindings</a>
</div>
</li><li>
<div>
<a title="Working on the internals of libvirt API, driver and daemon code" class="inactive" href="internals.html">Internals</a>
</div>
</li><li>
<div>
<a title="A guide and reference for developing with libvirt" class="inactive" href="devguide.html">Development Guide</a>
</div>
</li><li>
<div>
<a title="Command reference for virsh" class="inactive" href="virshcmdref.html">Virsh Commands</a>
</div>
</li><li>
<div>
<a title="Project governance and code of conduct" class="inactive" href="governance.html">Governance</a>
</div>
</li></ul>
</div>
</li><li>
<div>
<a title="User contributed content" class="inactive" href="http://wiki.libvirt.org">Wiki</a>
</div>
</li><li>
<div>
<a title="Frequently asked questions" class="inactive" href="http://wiki.libvirt.org/page/FAQ">FAQ</a>
</div>
</li><li>
<div>
<a title="How and where to report bugs and request features" class="inactive" href="bugs.html">Bug reports</a>
</div>
</li><li>
<div>
<a title="How to contact the developers via email and IRC" class="inactive" href="contact.html">Contact</a>
</div>
</li><li>
<div>
<a title="Available test suites for libvirt" class="inactive" href="testsuites.html">Test suites</a>
</div>
</li><li>
<div>
<a title="Miscellaneous links of interest related to libvirt" class="inactive" href="relatedlinks.html">Related Links</a>
</div>
</li><li>
<div>
<a title="Overview of all content on the website" class="inactive" href="sitemap.html">Sitemap</a>
</div>
</li></ul>
</div>
<div id="content">
<h1>Client access control</h1>
<p>
Libvirt's client access control framework allows administrators
to setup fine grained permission rules across client users,
managed objects and API operations. This allows client connections
to be locked down to a minimal set of privileges.
</p>
<ul><li>
<a href="#intro">Access control introduction</a>
</li><li>
<a href="#drivers">Access control drivers</a>
</li><li>
<a href="#perms">Objects and permissions</a>
</li></ul>
<h2>
<a name="intro" shape="rect" id="intro">Access control introduction</a>
<a class="headerlink" href="#intro" title="Permalink to this headline">¶</a>
</h2>
<p>
In a default configuration, the libvirtd daemon has three levels
of access control. All connections start off in an unauthenticated
state, where the only API operations allowed are those required
to complete authentication. After successful authentication, a
connection either has full, unrestricted access to all libvirt
API calls, or is locked down to only "read only" operations,
according to what socket a client connection originated on.
</p>
<p>
The access control framework allows authenticated connections to
have fine grained permission rules to be defined by the administrator.
Every API call in libvirt has a set of permissions that will
be validated against the object being used. For example, the
<code>virDomainSetSchedulerParametersFlags</code> method will
check whether the client user has the <code>write</code>
permission on the <code>domain</code> object instance passed
in as a parameter. Further permissions will also be checked
if certain flags are set in the API call. In addition to
checks on the object passed in to an API call, some methods
will filter their results. For example the <code>virConnectListAllDomains</code>
method will check the <code>search_domains</code> on the <code>connect</code>
object, but will also filter the returned <code>domain</code>
objects to only those on which the client user has the
<code>getattr</code> permission.
</p>
<h2>
<a name="drivers" shape="rect" id="drivers">Access control drivers</a>
<a class="headerlink" href="#drivers" title="Permalink to this headline">¶</a>
</h2>
<p>
The access control framework is designed as a pluggable
system to enable future integration with arbitrary access
control technologies. By default, the <code>none</code>
driver is used, which does no access control checks at
all. At this time, libvirt ships with support for using
<a href="http://www.freedesktop.org/wiki/Software/polkit/" shape="rect">polkit</a> as a real access
control driver. To learn how to use the polkit access
driver consult <a href="aclpolkit.html" shape="rect">the configuration
docs</a>.
</p>
<p>
The access driver is configured in the <code>libvirtd.conf</code>
configuration file, using the <code>access_drivers</code>
parameter. This parameter accepts an array of access control
driver names. If more than one access driver is requested,
then all must succeed in order for access to be granted.
To enable 'polkit' as the driver:
</p>
<pre xml:space="preserve">
# augtool -s set '/files/etc/libvirt/libvirtd.conf/access_drivers[1]' polkit
</pre>
<p>
And to reset back to the default (no-op) driver
</p>
<pre xml:space="preserve">
# augtool -s rm /files/etc/libvirt/libvirtd.conf/access_drivers
</pre>
<p>
<strong>Note:</strong> changes to libvirtd.conf require that
the libvirtd daemon be restarted.
</p>
<h2>
<a name="perms" shape="rect" id="perms">Objects and permissions</a>
<a class="headerlink" href="#perms" title="Permalink to this headline">¶</a>
</h2>
<p>
Libvirt applies access control to all the main object
types in its API. Each object type, in turn, has a set
of permissions defined. To determine what permissions
are checked for specific API call, consult the
<a href="html/libvirt-libvirt.html" shape="rect">API reference manual</a>
documentation for the API in question.
</p>
<h3>
<a name="object_connect" shape="rect" id="object_connect">virConnectPtr</a>
<a class="headerlink" href="#object_connect" title="Permalink to this headline">¶</a>
</h3>
<table class="acl"><thead><tr><th rowspan="1" colspan="1">Permission</th><th rowspan="1" colspan="1">Description</th></tr></thead><tbody><tr><td rowspan="1" colspan="1"><a name="perm_connect_detect_storage_pools" shape="rect" id="perm_connect_detect_storage_pools">detect-storage-pools</a></td><td rowspan="1" colspan="1">Detect storage pools</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_connect_getattr" shape="rect" id="perm_connect_getattr">getattr</a></td><td rowspan="1" colspan="1">Access connection</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_connect_interface_transaction" shape="rect" id="perm_connect_interface_transaction">interface-transaction</a></td><td rowspan="1" colspan="1">Interface transactions</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_connect_pm_control" shape="rect" id="perm_connect_pm_control">pm-control</a></td><td rowspan="1" colspan="1">Use host power management</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_connect_read" shape="rect" id="perm_connect_read">read</a></td><td rowspan="1" colspan="1">Read host</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_connect_search_domains" shape="rect" id="perm_connect_search_domains">search-domains</a></td><td rowspan="1" colspan="1">List domains</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_connect_search_interfaces" shape="rect" id="perm_connect_search_interfaces">search-interfaces</a></td><td rowspan="1" colspan="1">List interfaces</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_connect_search_networks" shape="rect" id="perm_connect_search_networks">search-networks</a></td><td rowspan="1" colspan="1">List networks</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_connect_search_node_devices" shape="rect" id="perm_connect_search_node_devices">search-node-devices</a></td><td rowspan="1" colspan="1">List node devices</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_connect_search_nwfilters" shape="rect" id="perm_connect_search_nwfilters">search-nwfilters</a></td><td rowspan="1" colspan="1">List network filters</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_connect_search_secrets" shape="rect" id="perm_connect_search_secrets">search-secrets</a></td><td rowspan="1" colspan="1">List secrets</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_connect_search_storage_pools" shape="rect" id="perm_connect_search_storage_pools">search-storage-pools</a></td><td rowspan="1" colspan="1">List storage pools</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_connect_write" shape="rect" id="perm_connect_write">write</a></td><td rowspan="1" colspan="1">Write host</td></tr></tbody></table>
<h3>
<a name="object_domain" shape="rect" id="object_domain">virDomainPtr</a>
<a class="headerlink" href="#object_domain" title="Permalink to this headline">¶</a>
</h3>
<table class="acl"><thead><tr><th rowspan="1" colspan="1">Permission</th><th rowspan="1" colspan="1">Description</th></tr></thead><tbody><tr><td rowspan="1" colspan="1"><a name="perm_domain_block_read" shape="rect" id="perm_domain_block_read">block-read</a></td><td rowspan="1" colspan="1">Read domain block</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_block_write" shape="rect" id="perm_domain_block_write">block-write</a></td><td rowspan="1" colspan="1">Write domain block</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_core_dump" shape="rect" id="perm_domain_core_dump">core-dump</a></td><td rowspan="1" colspan="1">Dump domain</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_delete" shape="rect" id="perm_domain_delete">delete</a></td><td rowspan="1" colspan="1">Delete domain</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_fs_freeze" shape="rect" id="perm_domain_fs_freeze">fs-freeze</a></td><td rowspan="1" colspan="1">Freeze and thaw domain filesystems</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_fs_trim" shape="rect" id="perm_domain_fs_trim">fs-trim</a></td><td rowspan="1" colspan="1">Trim domain filesystems</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_getattr" shape="rect" id="perm_domain_getattr">getattr</a></td><td rowspan="1" colspan="1">Access domain</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_hibernate" shape="rect" id="perm_domain_hibernate">hibernate</a></td><td rowspan="1" colspan="1">Hibernate domain</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_init_control" shape="rect" id="perm_domain_init_control">init-control</a></td><td rowspan="1" colspan="1">Domain init control</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_inject_nmi" shape="rect" id="perm_domain_inject_nmi">inject-nmi</a></td><td rowspan="1" colspan="1">Inject domain NMI</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_mem_read" shape="rect" id="perm_domain_mem_read">mem-read</a></td><td rowspan="1" colspan="1">Read domain memory</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_migrate" shape="rect" id="perm_domain_migrate">migrate</a></td><td rowspan="1" colspan="1">Migrate domain</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_open_device" shape="rect" id="perm_domain_open_device">open-device</a></td><td rowspan="1" colspan="1">Open domain device</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_open_graphics" shape="rect" id="perm_domain_open_graphics">open-graphics</a></td><td rowspan="1" colspan="1">Open domain graphics</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_open_namespace" shape="rect" id="perm_domain_open_namespace">open-namespace</a></td><td rowspan="1" colspan="1">Open domain namespace</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_pm_control" shape="rect" id="perm_domain_pm_control">pm-control</a></td><td rowspan="1" colspan="1">Use domain power management</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_read" shape="rect" id="perm_domain_read">read</a></td><td rowspan="1" colspan="1">Read domain</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_read_secure" shape="rect" id="perm_domain_read_secure">read-secure</a></td><td rowspan="1" colspan="1">Read secure domain</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_reset" shape="rect" id="perm_domain_reset">reset</a></td><td rowspan="1" colspan="1">Reset domain</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_save" shape="rect" id="perm_domain_save">save</a></td><td rowspan="1" colspan="1">Save domain</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_screenshot" shape="rect" id="perm_domain_screenshot">screenshot</a></td><td rowspan="1" colspan="1">Take domain screenshot</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_send_input" shape="rect" id="perm_domain_send_input">send-input</a></td><td rowspan="1" colspan="1">Send domain input</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_send_signal" shape="rect" id="perm_domain_send_signal">send-signal</a></td><td rowspan="1" colspan="1">Send domain signal</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_set_time" shape="rect" id="perm_domain_set_time">set-time</a></td><td rowspan="1" colspan="1">Write domain time</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_snapshot" shape="rect" id="perm_domain_snapshot">snapshot</a></td><td rowspan="1" colspan="1">Snapshot domain</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_start" shape="rect" id="perm_domain_start">start</a></td><td rowspan="1" colspan="1">Start domain</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_stop" shape="rect" id="perm_domain_stop">stop</a></td><td rowspan="1" colspan="1">Stop domain</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_suspend" shape="rect" id="perm_domain_suspend">suspend</a></td><td rowspan="1" colspan="1">Suspend domain</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_domain_write" shape="rect" id="perm_domain_write">write</a></td><td rowspan="1" colspan="1">Write domain</td></tr></tbody></table>
<h3>
<a name="object_interface" shape="rect" id="object_interface">virInterfacePtr</a>
<a class="headerlink" href="#object_interface" title="Permalink to this headline">¶</a>
</h3>
<table class="acl"><thead><tr><th rowspan="1" colspan="1">Permission</th><th rowspan="1" colspan="1">Description</th></tr></thead><tbody><tr><td rowspan="1" colspan="1"><a name="perm_interface_delete" shape="rect" id="perm_interface_delete">delete</a></td><td rowspan="1" colspan="1">Delete interface</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_interface_getattr" shape="rect" id="perm_interface_getattr">getattr</a></td><td rowspan="1" colspan="1">Access interface</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_interface_read" shape="rect" id="perm_interface_read">read</a></td><td rowspan="1" colspan="1">Read interface</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_interface_save" shape="rect" id="perm_interface_save">save</a></td><td rowspan="1" colspan="1">Save interface</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_interface_start" shape="rect" id="perm_interface_start">start</a></td><td rowspan="1" colspan="1">Start interface</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_interface_stop" shape="rect" id="perm_interface_stop">stop</a></td><td rowspan="1" colspan="1">Stop interface</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_interface_write" shape="rect" id="perm_interface_write">write</a></td><td rowspan="1" colspan="1">Write interface</td></tr></tbody></table>
<h3>
<a name="object_network" shape="rect" id="object_network">virNetworkPtr</a>
<a class="headerlink" href="#object_network" title="Permalink to this headline">¶</a>
</h3>
<table class="acl"><thead><tr><th rowspan="1" colspan="1">Permission</th><th rowspan="1" colspan="1">Description</th></tr></thead><tbody><tr><td rowspan="1" colspan="1"><a name="perm_network_delete" shape="rect" id="perm_network_delete">delete</a></td><td rowspan="1" colspan="1">Delete network</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_network_getattr" shape="rect" id="perm_network_getattr">getattr</a></td><td rowspan="1" colspan="1">Access network</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_network_read" shape="rect" id="perm_network_read">read</a></td><td rowspan="1" colspan="1">Read network</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_network_save" shape="rect" id="perm_network_save">save</a></td><td rowspan="1" colspan="1">Save network</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_network_start" shape="rect" id="perm_network_start">start</a></td><td rowspan="1" colspan="1">Start network</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_network_stop" shape="rect" id="perm_network_stop">stop</a></td><td rowspan="1" colspan="1">Stop network</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_network_write" shape="rect" id="perm_network_write">write</a></td><td rowspan="1" colspan="1">Write network</td></tr></tbody></table>
<h3>
<a name="object_node_device" shape="rect" id="object_node_device">virNodeDevicePtr</a>
<a class="headerlink" href="#object_node_device" title="Permalink to this headline">¶</a>
</h3>
<table class="acl"><thead><tr><th rowspan="1" colspan="1">Permission</th><th rowspan="1" colspan="1">Description</th></tr></thead><tbody><tr><td rowspan="1" colspan="1"><a name="perm_node_device_detach" shape="rect" id="perm_node_device_detach">detach</a></td><td rowspan="1" colspan="1">Detach node device</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_node_device_getattr" shape="rect" id="perm_node_device_getattr">getattr</a></td><td rowspan="1" colspan="1">Access node device</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_node_device_read" shape="rect" id="perm_node_device_read">read</a></td><td rowspan="1" colspan="1">Read node device</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_node_device_start" shape="rect" id="perm_node_device_start">start</a></td><td rowspan="1" colspan="1">Start node device</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_node_device_stop" shape="rect" id="perm_node_device_stop">stop</a></td><td rowspan="1" colspan="1">Stop node device</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_node_device_write" shape="rect" id="perm_node_device_write">write</a></td><td rowspan="1" colspan="1">Write node device</td></tr></tbody></table>
<h3>
<a name="object_nwfilter" shape="rect" id="object_nwfilter">virNWFilterPtr</a>
<a class="headerlink" href="#object_nwfilter" title="Permalink to this headline">¶</a>
</h3>
<table class="acl"><thead><tr><th rowspan="1" colspan="1">Permission</th><th rowspan="1" colspan="1">Description</th></tr></thead><tbody><tr><td rowspan="1" colspan="1"><a name="perm_nwfilter_delete" shape="rect" id="perm_nwfilter_delete">delete</a></td><td rowspan="1" colspan="1">Delete network filter</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_nwfilter_getattr" shape="rect" id="perm_nwfilter_getattr">getattr</a></td><td rowspan="1" colspan="1">Access network filter</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_nwfilter_read" shape="rect" id="perm_nwfilter_read">read</a></td><td rowspan="1" colspan="1">Read network filter</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_nwfilter_save" shape="rect" id="perm_nwfilter_save">save</a></td><td rowspan="1" colspan="1">Save network filter</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_nwfilter_write" shape="rect" id="perm_nwfilter_write">write</a></td><td rowspan="1" colspan="1">Write network filter</td></tr></tbody></table>
<h3>
<a name="object_secret" shape="rect" id="object_secret">virSecretPtr</a>
<a class="headerlink" href="#object_secret" title="Permalink to this headline">¶</a>
</h3>
<table class="acl"><thead><tr><th rowspan="1" colspan="1">Permission</th><th rowspan="1" colspan="1">Description</th></tr></thead><tbody><tr><td rowspan="1" colspan="1"><a name="perm_secret_delete" shape="rect" id="perm_secret_delete">delete</a></td><td rowspan="1" colspan="1">Delete secret</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_secret_getattr" shape="rect" id="perm_secret_getattr">getattr</a></td><td rowspan="1" colspan="1">Access secret</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_secret_read" shape="rect" id="perm_secret_read">read</a></td><td rowspan="1" colspan="1">Read secret</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_secret_read_secure" shape="rect" id="perm_secret_read_secure">read-secure</a></td><td rowspan="1" colspan="1">Read secure secret</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_secret_save" shape="rect" id="perm_secret_save">save</a></td><td rowspan="1" colspan="1">Save secret</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_secret_write" shape="rect" id="perm_secret_write">write</a></td><td rowspan="1" colspan="1">Write secret</td></tr></tbody></table>
<h3>
<a name="object_storage_pool" shape="rect" id="object_storage_pool">virStoragePoolPtr</a>
<a class="headerlink" href="#object_storage_pool" title="Permalink to this headline">¶</a>
</h3>
<table class="acl"><thead><tr><th rowspan="1" colspan="1">Permission</th><th rowspan="1" colspan="1">Description</th></tr></thead><tbody><tr><td rowspan="1" colspan="1"><a name="perm_storage_pool_delete" shape="rect" id="perm_storage_pool_delete">delete</a></td><td rowspan="1" colspan="1">Delete storage pool</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_storage_pool_format" shape="rect" id="perm_storage_pool_format">format</a></td><td rowspan="1" colspan="1">Format storage pool</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_storage_pool_getattr" shape="rect" id="perm_storage_pool_getattr">getattr</a></td><td rowspan="1" colspan="1">Access storage pool</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_storage_pool_read" shape="rect" id="perm_storage_pool_read">read</a></td><td rowspan="1" colspan="1">Read storage pool</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_storage_pool_refresh" shape="rect" id="perm_storage_pool_refresh">refresh</a></td><td rowspan="1" colspan="1">Refresh storage pool</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_storage_pool_save" shape="rect" id="perm_storage_pool_save">save</a></td><td rowspan="1" colspan="1">Save storage pool</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_storage_pool_search_storage_vols" shape="rect" id="perm_storage_pool_search_storage_vols">search-storage-vols</a></td><td rowspan="1" colspan="1">List storage pool volumes</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_storage_pool_start" shape="rect" id="perm_storage_pool_start">start</a></td><td rowspan="1" colspan="1">Start storage pool</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_storage_pool_stop" shape="rect" id="perm_storage_pool_stop">stop</a></td><td rowspan="1" colspan="1">Stop storage pool</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_storage_pool_write" shape="rect" id="perm_storage_pool_write">write</a></td><td rowspan="1" colspan="1">Write storage pool</td></tr></tbody></table>
<h3>
<a name="object_storage_vol" shape="rect" id="object_storage_vol">virStorageVolPtr</a>
<a class="headerlink" href="#object_storage_vol" title="Permalink to this headline">¶</a>
</h3>
<table class="acl"><thead><tr><th rowspan="1" colspan="1">Permission</th><th rowspan="1" colspan="1">Description</th></tr></thead><tbody><tr><td rowspan="1" colspan="1"><a name="perm_storage_vol_create" shape="rect" id="perm_storage_vol_create">create</a></td><td rowspan="1" colspan="1">Create storage volume</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_storage_vol_data_read" shape="rect" id="perm_storage_vol_data_read">data-read</a></td><td rowspan="1" colspan="1">Read storage volume data</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_storage_vol_data_write" shape="rect" id="perm_storage_vol_data_write">data-write</a></td><td rowspan="1" colspan="1">Write storage volume data</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_storage_vol_delete" shape="rect" id="perm_storage_vol_delete">delete</a></td><td rowspan="1" colspan="1">Delete storage volume</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_storage_vol_format" shape="rect" id="perm_storage_vol_format">format</a></td><td rowspan="1" colspan="1">Format storage volume</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_storage_vol_getattr" shape="rect" id="perm_storage_vol_getattr">getattr</a></td><td rowspan="1" colspan="1">Access storage volume</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_storage_vol_read" shape="rect" id="perm_storage_vol_read">read</a></td><td rowspan="1" colspan="1">Read storage volume</td></tr><tr><td rowspan="1" colspan="1"><a name="perm_storage_vol_resize" shape="rect" id="perm_storage_vol_resize">resize</a></td><td rowspan="1" colspan="1">Resize storage volume</td></tr></tbody></table>
</div>
</div>
<div id="footer">
<p id="sponsor">
Sponsored by:<br /><a href="http://et.redhat.com/"><img src="et.png" alt="Project sponsored by Red Hat Emerging Technology" /></a></p>
</div>
</body>
</html>
|
