cachepc-qemu

Fork of AMDESE/qemu with changes for cachepc side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-qemu

authz.json (2581B)


      1# -*- Mode: Python -*-
      2# vim: filetype=python
      3
      4##
      5# = User authorization
      6##
      7
      8##
      9# @QAuthZListPolicy:
     10#
     11# The decision produced by a rule or by the list's default policy
     12#
     13# @deny: refuse access to the identity being checked
     14# @allow: grant access to the identity being checked
     15#
     16# Since: 4.0
     17##
     18{ 'enum': 'QAuthZListPolicy',
     19  'prefix': 'QAUTHZ_LIST_POLICY',
     20  'data': ['deny', 'allow']}
     21
     22##
     23# @QAuthZListFormat:
     24#
     25# How a rule's match string is compared with the user identity
     26#
     27# @exact: the identity must equal the match string exactly
     28# @glob: shell-style pattern using ? and * wildcards; broader than @exact
     29#
     30# Since: 4.0
     31##
     32{ 'enum': 'QAuthZListFormat',
     33  'prefix': 'QAUTHZ_LIST_FORMAT',
     34  'data': ['exact', 'glob']}
     35
     36##
     37# @QAuthZListRule:
     38#
     39# A single authorization rule: a match string and the policy it yields.
     40#
     41# @match: exact string or glob pattern compared with the user identity
     42# @policy: the decision returned when @match matches the identity
     43# @format: how @match is interpreted (default 'exact')
     44#
     45# Since: 4.0
     46##
     47{ 'struct': 'QAuthZListRule',
     48  'data': {'match': 'str',
     49           'policy': 'QAuthZListPolicy',
     50           '*format': 'QAuthZListFormat'}}
     51
     52##
     53# @AuthZListProperties:
     54#
     55# Properties for authz-list objects.
     56#
     57# @policy: Fallback decision used when no rule matches (default: deny)
     58#
     59# @rules: Rules compared against the user identity to reach a decision
     60#         NOTE(review): presumably tried in list order - confirm
     61# Since: 4.0
     62##
     63{ 'struct': 'AuthZListProperties',
     64  'data': { '*policy': 'QAuthZListPolicy',
     65            '*rules': ['QAuthZListRule'] } }
     66
     67##
     68# @AuthZListFileProperties:
     69#
     70# Properties for authz-listfile objects.
     71#
     72# @filename: Path of the rule file; it must contain valid JSON for
     73#            AuthZListProperties. Whoever can write this file controls
     74#            the access decisions, so restrict its permissions.
     75# @refresh: If true, inotify watches the file and changes are reloaded
     76#           automatically. If a reload fails, every authorization is
     77#           refused until the file next loads successfully. (default:
     78#           true if the binary was built with CONFIG_INOTIFY1, false
     79#           otherwise)
     80#
     81# Since: 4.0
     82##
     83{ 'struct': 'AuthZListFileProperties',
     84  'data': { 'filename': 'str',
     85            '*refresh': 'bool' } }
     86
     87##
     88# @AuthZPAMProperties:
     89#
     90# Properties for authz-pam objects.
     91#
     92# @service: name of the PAM service consulted for the authorization check
     93#
     94# Since: 4.0
     95##
     96{ 'struct': 'AuthZPAMProperties',
     97  'data': { 'service': 'str' } }
     98
     99##
    100# @AuthZSimpleProperties:
    101#
    102# Properties for authz-simple objects.
    103#
    104# @identity: The identity of the allowed user. Its format depends on the
    105#            network service the authorization object is attached to.
    106#            For authorization based on TLS x509 certificates, it must be
    107#            the x509 distinguished name.
    108#
    109# Since: 4.0
    110##
    111{ 'struct': 'AuthZSimpleProperties',
    112  'data': { 'identity': 'str' } }