[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] Fine grained Access Control in libVirt



On Fri, Jan 16, 2009 at 12:16:10PM +0900, Atsushi SAKAI wrote:
> Hi, Dan
> 
> Would you explain the difference with sVirt?
> The final goal sVirt seems same form me.
> (for example, define many security domain etc in .te file.)

At this stage sVirt is primarily about protecting guests from
each other, and protecting the host from guests.

Konrad's suggestions are about protecting guests/hosts from 
administrators, by providing more fine grained control over
what libvirt APIs an admin can invoke & on what objects.

Both bits of work are required & are complementary to each other

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]