Commit Graph

20 Commits

Author SHA1 Message Date
Jim Fehlig 2171442d62 xenapi: remove driver
The xenapi driver has not seen any development since its initial
contribution 9 years ago. There have been no bug reports, no patches,
and no queries about the driver on the developer or user mailing lists.
Remove the driver from the libvirt sources.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-09-03 15:37:54 -06:00
Mark McLoughlin 30c225c673 docs: use JavaScript based PolicyKit .rules files
PolicyKit authentication rules have switched to a JavaScript based
format quite some time ago. See:

http://davidz25.blogspot.com/2012/06/authorization-rules-in-polkit.html

While backwards compat for the old .pkla format is still available, it
makes sense to point people first at the new format.

The SSHPolicyKitSetup wiki page seems pretty stale, so remove the
reference to it.

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
2019-01-21 18:45:27 +00:00
Daniel P. Berrange b1c81567c7 docs: switch to using HTML5 doctype declaration
The HTML5 doctype is simply

  <!DOCTYPE html>

no DTD is present because HTML5 is no longer defined as an
extension of SGML.

XSL has no way to natively output a doctype without a public
or system identifier, so we have to use an <xsl:text> hack
instead.

See also

  https://dev.w3.org/html5/html-author/#doctype-declaration

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-08-02 17:00:11 +01:00
Daniel P. Berrange 4e42ff6b7e docs: switch to using 'id' attribute instead of 'name' for links
The 'name' attribute on <a...> elements is deprecated in favour
of the 'id' attribute which is allowed on any element. HTML5
drops 'name' support entirely.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-08-02 17:00:11 +01:00
Daniel P. Berrange 3c647ee4bb Switch to GSSAPI (kerberos) instead of the insecure DIGEST-MD5
RFC 6331 documents a number of serious security weaknesses in
the SASL DIGEST-MD5 mechanism. As such, libvirtd should not
by using it as a default mechanism. GSSAPI is the only other
viable SASL mechanism that can provide secure session encryption
so enable that by defalt as the replacement.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-03-15 18:14:51 +00:00
Martin Kletzander c51cd0cd69 docs: Reference the right config option
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2017-01-05 16:12:36 +01:00
yuelongguang 969b27d84c add help document relevant to default mapping of credentials to machines
* src/util/virauthconfig.c
2016-06-24 16:36:54 +01:00
Daniel P. Berrange da13f2c70c Add documentation for access control system
This adds two new pages to the website, acl.html describing
the general access control framework and permissions models,
and aclpolkit.html describing the use of polkit as an
access control driver.

page.xsl is modified to support a new syntax

  <div id="include" filename="somefile.htmlinc"/>

which will cause the XSL transform to replace that <div>
with the contents of 'somefile.htmlinc'. We use this in
the acl.html.in file, to pull the table of permissions
for each libvirt object. This table is autogenerated
from the enums in src/access/viraccessperms.h by the
genaclperms.pl script.

newapi.xsl is modified so that the list of permissions
checks shown against each API will link to the description
of the permissions in acl.html

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-09 17:13:02 +01:00
Daniel P. Berrange f2f9742d4d Fix multiple formatting problems in HTML docs
The rule generating the HTML docs passing the --html flag
to xsltproc. This makes it use the legacy HTML parser, which
either ignores or tries to fix all sorts of broken XML tags.
There's no reason why we should be writing broken XML in
the first place, so removing --html and adding the XHTML
doctype to all files forces us to create good XML.

This adds the XHTML doc type and fixes many, many XML tag
problems it exposes.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-03 15:56:15 +01:00
Eric Blake cdb1c3b6e2 docs: fix typo when using Kerberos principals
Kerberos uses 'primary' or 'key' files (principals), not 'abstract
ideal' or 'rule' files (principles).  Reported by Jason Meinzer.

Reflow a paragraph to fit in 80 columns in the process.

* docs/auth.html.in: Fix spelling.
2013-04-09 16:46:04 -06:00
Michał Łomnicki c86f53d5b2 docs: Fix location of libvirt.conf and auth.conf
For a unprivileged user libvirt.conf and auth.conf are looked up in
$XDG_CONFIG_HOME but the docs incorrectly state that it's $XDG_CONFIG_DIR.
2012-12-14 13:35:03 +01:00
Cole Robinson fe772f24a6 daemon: Avoid 'Could not find keytab file' in syslog
On F17 at least, every time libvirtd starts we get this in syslog:

libvirtd: Could not find keytab file: /etc/libvirt/krb5.tab: No such file or directory

This comes from cyrus-sasl, and happens regardless of whether the
gssapi plugin is requested, which is what actually uses
/etc/libvirt/krb5.tab.

While cyrus-sasl shouldn't complain, we can easily make it shut up by
commenting out the keytab value by default.

Also update the keytab comment to the more modern one from qemu's
sasl config file.
2012-10-21 13:21:07 -04:00
William Jon McCann 32a9aac2e0 Use XDG Base Directories instead of storing in home directory
As defined in:
http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html

This offers a number of advantages:
 * Allows sharing a home directory between different machines, or
sessions (eg. using NFS)
 * Cleanly separates cache, runtime (eg. sockets), or app data from
user settings
 * Supports performing smart or selective migration of settings
between different OS versions
 * Supports reseting settings without breaking things
 * Makes it possible to clear cache data to make room when the disk
is filling up
 * Allows us to write a robust and efficient backup solution
 * Allows an admin flexibility to change where data and settings are stored
 * Dramatically reduces the complexity and incoherence of the
system for administrators
2012-05-14 15:15:58 +01:00
Daniel P. Berrange a4fb88b5c9 Add helper API for finding auth file path
* src/util/virauth.c, src/util/virauth.h: Add virAuthGetConfigFilePath
* include/libvirt/virterror.h, src/util/virterror.c: Add
  VIR_FROM_AUTH error domain

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-03-23 13:24:07 +00:00
Justin Clift 1354b603ae docs: added a table of contents to the first 11 docs files
There are a 58 docs files, so adding an autogenerated Table Of
Contents to them all will take some time.  This is the first
piece of the work done.
2010-10-27 15:01:45 +11:00
Justin Clift df1718cc73 docs: reworked the policykit patch submitted by Patrick Dignan
Tweaked the PolicyKit documentation improvement patch submitted
by Patrick Dignan.

Additionally, removed the reference to PolicyKit.conf, which is
no longer used by PolicyKit, plus added a link to the expanded
PolicyKit example page on the wiki.
2010-09-17 00:43:44 +10:00
Dan Kenigsberg d5739ab56a docs: add 3 missing spaces 2010-02-21 14:56:23 +01:00
Dan Kenigsberg 27a1f781bc Fix a number of small typos 2009-09-22 12:55:39 +02:00
Daniel P. Berrange 7b21582e2d Fix polkit docs 2008-05-08 11:52:21 +00:00
Daniel P. Berrange 9092c3d491 Split website out into one file per page. APply new layout and styling 2008-04-23 17:08:31 +00:00