[Pacemaker] Multi-level ACLs for the CIB

[Andrew Beekhof]

On Thu, Feb 4, 2010 at 5:24 PM, Yan Gao <ygao at novell.com> wrote:
>> And put exclusions for things like passwords before  the read for the whole cib?
> Yes. We should specify any "deny" and "write" objects before it.

I like the syntax now, but my original concern (that all the
validation occurs in the client library) remains... so this still
isn't providing any real security.