Hello,
I've been working on reusing polkit authorization for OpenLMI providers,
which use a DBus service (e.g. NetworkManager, PackageKit, realmd,
systemd, ...).
I've documented the architecture on our wiki [1] and I submitted review
in our review-board. I won't push the patches until we get to an
agreement that it's the way to go and also the implementation is secure
- please review carefully. There are *no* changes needed in our provider
code and/or in the DBus services we work with.
1: https://fedorahosted.org/openlmi/wiki/PolkitAuthorization
2: https://reviewboard-openlmi.rhcloud.com/users/jsafrane/
In short, the concept is similar to Cockpit's reauthorization [3], we
just don't play tricks with user passwords - we don't have one on CIM
provider level. Instead, we register a polkit agent, which bluntly
authenticates every request from polkit in its PAM session.
3: https://github.com/cockpit-project/cockpit/blob/master/doc/reauthorize.md
[Kudos to Cockpit guys, I used their code to implement polkit agent and
helper.]
Just a side note: right now, users with remote CIM access must be
members of 'pegasus' group, otherwise they cannot start a provider. Is
it good or bad? Should _any_ user be able to use CIM by default and let
polkit decide? It's trivial to fix, just set different file/directory
permissions in tog-pegasus.rpm. And there is /etc/Pegasus/access.conf,
which can control access properly if sysadmin wishes, so the question is
just about the default setting.
Jan
Hello,
I developed GUI for OpenLMI (+ account and service provider) as part of
my bachelor thesis. Now as an intern I continue working on it.
It is capable of generating scripts for LMIShell as well as execute
these changes. It can also discover computers on network using SLP.
For those of you, who might be interested, follow this link:
https://github.com/mhatina/openlmi_gui
Martin Hatina
Hi,
I've been recently working on design of OpenLMI Firewalld provider model.
The model is loosely based on firewalld API but adjusted to provide CIM-like
look&feel.
Note that firewalld API is fairly complex so there might be some
adjustments in the model as I will write the provider itself.
Design document:
https://rnovacek.fedorapeople.org/openlmi-firewalld/v1/html/design.html
MOF file:
https://rnovacek.fedorapeople.org/openlmi-firewalld/v1/60_LMI_Firewalld.html
The model is not yet fully complete, for example indications, lockdown,
panic mode and reconfiguration are not there yet. Some of them will be
added in the future (indication support), some needs to be evaluated
whether they're useful to have at all.
Suggestions and comments are welcome.
Radek Novacek
Send openlmi-reviews mailing list submissions to
openlmi-reviews(a)lists.fedorahosted.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.fedorahosted.org/mailman/listinfo/openlmi-reviews
or, via email, send a message with subject or body 'help' to
openlmi-reviews-request(a)lists.fedorahosted.org
You can reach the person managing the list at
openlmi-reviews-owner(a)lists.fedorahosted.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of openlmi-reviews digest..."
Today's Topics:
1. buildbot failure in OpenLMI on networking-rawhide
(openlmiproject(a)gmail.com)
2. buildbot failure in OpenLMI on providers-rhel6
(openlmiproject(a)gmail.com)
3. buildbot failure in OpenLMI on networking-rhel6
(openlmiproject(a)gmail.com)
4. buildbot failure in OpenLMI on storage-rhel6
(openlmiproject(a)gmail.com)
5. buildbot failure in OpenLMI on providers-rhel7stable
(openlmiproject(a)gmail.com)
6. buildbot failure in OpenLMI on providers-rhel7
(openlmiproject(a)gmail.com)
7. buildbot success in OpenLMI on networking-rhel7
(openlmiproject(a)gmail.com)
8. buildbot failure in OpenLMI on storage-rhel7
(openlmiproject(a)gmail.com)
9. buildbot failure in OpenLMI on storage-rhel7stable
(openlmiproject(a)gmail.com)
10. buildbot failure in OpenLMI on networking-rawhide
(openlmiproject(a)gmail.com)
11. buildbot failure in OpenLMI on storage-rawhide
(openlmiproject(a)gmail.com)
_______________________________________________
openlmi-reviews mailing list
openlmi-reviews(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/openlmi-reviews
Send openlmi-reviews mailing list submissions to
openlmi-reviews(a)lists.fedorahosted.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.fedorahosted.org/mailman/listinfo/openlmi-reviews
or, via email, send a message with subject or body 'help' to
openlmi-reviews-request(a)lists.fedorahosted.org
You can reach the person managing the list at
openlmi-reviews-owner(a)lists.fedorahosted.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of openlmi-reviews digest..."
Today's Topics:
1. Re: Review Request 1980: lmishell, fix compat indication
listener (Peter Hatina)
2. buildbot failure in OpenLMI on storage-rhel6
(openlmiproject(a)gmail.com)
3. buildbot failure in OpenLMI on providers-rhel6
(openlmiproject(a)gmail.com)
4. buildbot failure in OpenLMI on networking-rhel6
(openlmiproject(a)gmail.com)
5. buildbot failure in OpenLMI on storage-rhel7stable
(openlmiproject(a)gmail.com)
6. buildbot failure in OpenLMI on storage-rhel7
(openlmiproject(a)gmail.com)
7. buildbot failure in OpenLMI on providers-rhel7
(openlmiproject(a)gmail.com)
8. buildbot success in OpenLMI on networking-rhel7
(openlmiproject(a)gmail.com)
9. buildbot failure in OpenLMI on providers-rhel7stable
(openlmiproject(a)gmail.com)
10. buildbot failure in OpenLMI on networking-rawhide
(openlmiproject(a)gmail.com)
11. buildbot failure in OpenLMI on storage-rawhide
(openlmiproject(a)gmail.com)
_______________________________________________
openlmi-reviews mailing list
openlmi-reviews(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/openlmi-reviews
Send openlmi-reviews mailing list submissions to
openlmi-reviews(a)lists.fedorahosted.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.fedorahosted.org/mailman/listinfo/openlmi-reviews
or, via email, send a message with subject or body 'help' to
openlmi-reviews-request(a)lists.fedorahosted.org
You can reach the person managing the list at
openlmi-reviews-owner(a)lists.fedorahosted.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of openlmi-reviews digest..."
Today's Topics:
1. Review Request 1978: networking [1/2] Use safe version of
lmi_get_system_name (Radek Novacek)
2. Review Request 1979: networking [2/2] Get rid of glib
deprecation warnings (Radek Novacek)
3. Re: Review Request 1979: networking [2/2] Get rid of glib
deprecation warnings (scanbot)
4. Review Request 1980: lmishell, fix compat indication listener
(Peter Hatina)
5. Re: Review Request 1978: networking [1/2] Use safe version of
lmi_get_system_name (scanbot)
6. Re: Review Request 1979: networking [2/2] Get rid of glib
deprecation warnings (scanbot)
7. Review Request 1981: openlmi-storage: Fixed creation of btrfs
volumes. (Jan Safranek)
8. Review Request 1982: openlmi-providers tools: Update tree
generator. (Jan Safranek)
9. Re: Review Request 1982: openlmi-providers tools: Update tree
generator. (Jan Safranek)
10. Re: Review Request 1982: openlmi-providers tools: Update tree
generator. (Radek Novacek)
11. buildbot failure in OpenLMI on providers-rhel6
(openlmiproject(a)gmail.com)
12. buildbot failure in OpenLMI on storage-rhel6
(openlmiproject(a)gmail.com)
13. buildbot failure in OpenLMI on networking-rhel6
(openlmiproject(a)gmail.com)
14. buildbot failure in OpenLMI on storage-rhel7stable
(openlmiproject(a)gmail.com)
15. buildbot failure in OpenLMI on providers-rhel7
(openlmiproject(a)gmail.com)
16. buildbot failure in OpenLMI on storage-rhel7
(openlmiproject(a)gmail.com)
17. buildbot success in OpenLMI on networking-rhel7
(openlmiproject(a)gmail.com)
18. buildbot failure in OpenLMI on providers-rhel7stable
(openlmiproject(a)gmail.com)
19. Review Request 1983: providers [1/1] mofparser: do not
produce parsing output (Radek Novacek)
20. Re: Review Request 1982: openlmi-providers tools: Update tree
generator. (Jan Safranek)
21. buildbot failure in OpenLMI on networking-rawhide
(openlmiproject(a)gmail.com)
22. buildbot failure in OpenLMI on providers-rhel6
(openlmiproject(a)gmail.com)
23. buildbot failure in OpenLMI on providers-rhel7
(openlmiproject(a)gmail.com)
24. Re: Review Request 1983: providers [1/1] mofparser: do not
produce parsing output (Jan Synacek)
25. Re: Review Request 1981: openlmi-storage: Fixed creation of
btrfs volumes. (Jan Synacek)
26. Re: Review Request 1979: networking [2/2] Get rid of glib
deprecation warnings (Jan Synacek)
27. Re: Review Request 1978: networking [1/2] Use safe version of
lmi_get_system_name (Jan Synacek)
28. buildbot failure in OpenLMI on providers-rhel6
(openlmiproject(a)gmail.com)
29. buildbot failure in OpenLMI on networking-rhel6
(openlmiproject(a)gmail.com)
30. buildbot failure in OpenLMI on providers-rhel7
(openlmiproject(a)gmail.com)
31. buildbot failure in OpenLMI on networking-rhel7
(openlmiproject(a)gmail.com)
32. buildbot failure in OpenLMI on storage-rawhide
(openlmiproject(a)gmail.com)
33. Review Request 1984: providers [1/1] JobManager: fix
undefined variable 'queue' (Radek Novacek)
_______________________________________________
openlmi-reviews mailing list
openlmi-reviews(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/openlmi-reviews
Send openlmi-reviews mailing list submissions to
openlmi-reviews(a)lists.fedorahosted.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.fedorahosted.org/mailman/listinfo/openlmi-reviews
or, via email, send a message with subject or body 'help' to
openlmi-reviews-request(a)lists.fedorahosted.org
You can reach the person managing the list at
openlmi-reviews-owner(a)lists.fedorahosted.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of openlmi-reviews digest..."
Today's Topics:
1. buildbot failure in OpenLMI on networking-rhel6
(openlmiproject(a)gmail.com)
2. buildbot failure in OpenLMI on storage-rhel6
(openlmiproject(a)gmail.com)
3. buildbot failure in OpenLMI on networking-rhel7
(openlmiproject(a)gmail.com)
4. buildbot failure in OpenLMI on providers-rhel6
(openlmiproject(a)gmail.com)
5. buildbot failure in OpenLMI on providers-rhel7stable
(openlmiproject(a)gmail.com)
6. buildbot failure in OpenLMI on storage-rhel7
(openlmiproject(a)gmail.com)
7. buildbot failure in OpenLMI on providers-rhel7
(openlmiproject(a)gmail.com)
8. buildbot failure in OpenLMI on storage-rhel7stable
(openlmiproject(a)gmail.com)
9. buildbot failure in OpenLMI on networking-rawhide
(openlmiproject(a)gmail.com)
10. buildbot failure in OpenLMI on networking-rawhide
(openlmiproject(a)gmail.com)
11. buildbot failure in OpenLMI on storage-rawhide
(openlmiproject(a)gmail.com)
12. buildbot failure in OpenLMI on providers-rawhide
(openlmiproject(a)gmail.com)
13. buildbot failure in OpenLMI on networking-rawhide
(openlmiproject(a)gmail.com)
_______________________________________________
openlmi-reviews mailing list
openlmi-reviews(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/openlmi-reviews
A new version of LMIWBEM is now available.
What's new?
* support ppc(64(le)), s390(x), aarch64
* conditional support of CIMIndicationListener
* is_error()
* SLP discovery support
* fixed deadlocks when used by multithreaded application
* various fixes
Enjoy!
--
Peter Hatina
ENG Server Experience, System Management
PGP: F32822A9
Red Hat, Inc. http://cz.redhat.com
Send openlmi-reviews mailing list submissions to
openlmi-reviews(a)lists.fedorahosted.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.fedorahosted.org/mailman/listinfo/openlmi-reviews
or, via email, send a message with subject or body 'help' to
openlmi-reviews-request(a)lists.fedorahosted.org
You can reach the person managing the list at
openlmi-reviews-owner(a)lists.fedorahosted.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of openlmi-reviews digest..."
Today's Topics:
1. buildbot failure in OpenLMI on providers-rhel6
(openlmiproject(a)gmail.com)
2. buildbot failure in OpenLMI on networking-rhel6
(openlmiproject(a)gmail.com)
3. buildbot failure in OpenLMI on storage-rhel6
(openlmiproject(a)gmail.com)
4. buildbot failure in OpenLMI on storage-rhel7stable
(openlmiproject(a)gmail.com)
5. buildbot success in OpenLMI on networking-rhel7
(openlmiproject(a)gmail.com)
6. buildbot failure in OpenLMI on providers-rhel7stable
(openlmiproject(a)gmail.com)
7. buildbot failure in OpenLMI on storage-rhel7
(openlmiproject(a)gmail.com)
8. buildbot failure in OpenLMI on providers-rawhide
(openlmiproject(a)gmail.com)
9. buildbot failure in OpenLMI on networking-rawhide
(openlmiproject(a)gmail.com)
10. buildbot failure in OpenLMI on storage-rawhide
(openlmiproject(a)gmail.com)
_______________________________________________
openlmi-reviews mailing list
openlmi-reviews(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/openlmi-reviews