[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [libvirt] Fine grained Access Control in libVirt

From: Konrad Eriksson1 <KON zurich ibm com>
To: Atsushi SAKAI <sakaia jp fujitsu com>
Cc: libvir-list redhat com
Subject: Re: [libvirt] Fine grained Access Control in libVirt
Date: Fri, 16 Jan 2009 13:07:33 +0100

Daniel summarized my approach nicely.
Basically I'm looking at enabling multi-tenancy administration where several admins can exist but they can only see and/or manipulate with resources (VMs, storage, networks) assigned to them.
By making use of a generic AC-module approach where actions gets passed through arbitrary complex access control can be enforced since the AC-module could implement/interface different schemes of granting/denying access depending on what enforcing policy wants to be used.
One could for example use SELinux as a scheme to enable RBAC and/or tie it together with policies for sVirt.

An initial implementation step would be realizing the AC-module foundation and starting with moving out the RW/RO enforcement (currently residing within libvirt.c) as first basic enforcement scheme.

Freundliche Grüsse / Best regards

Konrad Eriksson
Research Software Engineer
Trusted Computing / Security & Assurance

Email: kon zurich ibm com
Phone: +41 (0)44 724 84 28

IBM Zurich Research Laboratory

Saeumerstrasse 4
8803 Rueschlikon
Switzerland

From:	"Daniel P. Berrange" <berrange redhat com>
To:	Atsushi SAKAI <sakaia jp fujitsu com>
Cc:	Konrad Eriksson1 <KON zurich ibm com>, libvir-list redhat com
Date:	01/16/2009 10:57 AM
Subject:	Re: [libvirt] Fine grained Access Control in libVirt

On Fri, Jan 16, 2009 at 12:16:10PM +0900, Atsushi SAKAI wrote: > Hi, Dan > > Would you explain the difference with sVirt? > The final goal sVirt seems same form me. > (for example, define many security domain etc in .te file.) At this stage sVirt is primarily about protecting guests from each other, and protecting the host from guests. Konrad's suggestions are about protecting guests/hosts from administrators, by providing more fine grained control over what libvirt APIs an admin can invoke & on what objects. Both bits of work are required & are complementary to each other Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/:| |:http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org:| |:http://autobuild.org -o- http://search.cpan.org/~danberr/:| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

References:
- Re: [libvirt] Fine grained Access Control in libVirt
  - From: Daniel P. Berrange
- Re: [libvirt] Fine grained Access Control in libVirt
  - From: Atsushi SAKAI
- Re: [libvirt] Fine grained Access Control in libVirt
  - From: Daniel P. Berrange

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]