LinuxLists.cc - [refpolicy] New policy for glance from fedora

2011-12-02 15:15:01

Subject: [refpolicy] New policy for glance from fedora

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Glance policy needs definition for glance_registry port.

The Glance project provides services for discovering, registering, and
retrieving virtual machine images. Glance has a RESTful API that
allows querying of VM image metadata as well as retrieval of the
actual image.

VM images made available through Glance can be stored in a variety of
locations from simple filesystems to object-storage systems like the
OpenStack Swift project.

Glance, as with all OpenStack projects, is written with the following
design guidelines in mind:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk7Y63UACgkQrlYvE4MpobNgZACdEm/Ijh8NDvfDGv6uqMwVJZnS
ri0An1uBj0MyKYllp2xcAAC8SR4JvP+D
=x3Wd
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: glance_base.patch
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20111202/6ed6b6b7/attachment.pl
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: glance.patch
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20111202/6ed6b6b7/attachment-0001.pl

2012-01-05 19:03:02

by sven.vermeulen

[permalink] [raw]

Subject: [refpolicy] New policy for glance from fedora

On Fri, Dec 02, 2011 at 10:15:01AM -0500, Daniel J Walsh wrote:
> Glance policy needs definition for glance_registry port.
>
> The Glance project provides services for discovering, registering, and
> retrieving virtual machine images. Glance has a RESTful API that
> allows querying of VM image metadata as well as retrieval of the
> actual image.
>
> VM images made available through Glance can be stored in a variety of
> locations from simple filesystems to object-storage systems like the
> OpenStack Swift project.
>
> Glance, as with all OpenStack projects, is written with the following
> design guidelines in mind:

Some comments on your two domtrans interfaces:
> +########################################
> +## <summary>
> +## Transition to glance.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed to transition.
> +## </summary>
> +## </param>
> +#
> +interface(`glance_domtrans_registry',`

You might want to have the summary to something like "Transition to glance
registry"

Same remark for the glance_domtrans_api one.

Other than that ok.

Acked-by: Sven Vermeulen <[email protected]>