[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] Fine grained Access Control in libVirt




Daniel summarized my approach nicely.
Basically I'm looking at enabling multi-tenancy administration where several admins can exist but they can only see and/or manipulate with resources (VMs, storage, networks) assigned to them.
By making use of a generic AC-module approach where actions gets passed through arbitrary complex access control can be enforced since the AC-module could implement/interface different schemes of granting/denying access depending on what enforcing policy wants to be used.
One could for example use SELinux as a scheme to enable RBAC and/or tie it together with policies for sVirt.

An initial implementation step would be realizing the AC-module foundation and starting with moving out the RW/RO enforcement (currently residing within libvirt.c) as first basic enforcement scheme.


Freundliche GrĂ¼sse / Best regards

Konrad Eriksson
Research Software Engineer
Trusted Computing / Security & Assurance

Email:
kon zurich ibm com
Phone: +41 (0)44 724 84 28

IBM Zurich Research Laboratory


Saeumerstrasse 4
8803 Rueschlikon
Switzerland




From: "Daniel P. Berrange" <berrange redhat com>
To: Atsushi SAKAI <sakaia jp fujitsu com>
Cc: Konrad Eriksson1 <KON zurich ibm com>, libvir-list redhat com
Date: 01/16/2009 10:57 AM
Subject: Re: [libvirt] Fine grained Access Control in libVirt





On Fri, Jan 16, 2009 at 12:16:10PM +0900, Atsushi SAKAI wrote:
> Hi, Dan
>
> Would you explain the difference with sVirt?
> The final goal sVirt seems same form me.
> (for example, define many security domain etc in .te file.)

At this stage sVirt is primarily about protecting guests from
each other, and protecting the host from guests.

Konrad's suggestions are about protecting guests/hosts from
administrators, by providing more fine grained control over
what libvirt APIs an admin can invoke & on what objects.

Both bits of work are required & are complementary to each other

Daniel
--
|: Red Hat, Engineering, London   -o-  
http://people.redhat.com/berrange/ :|
|:
http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|:
http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]