[libvirt] Fine grained Access Control in libVirt

Konrad Eriksson1 KON at zurich.ibm.com
Fri Jan 16 12:07:33 UTC 2009


Daniel summarized my approach nicely.
Basically I'm looking at enabling multi-tenancy administration where 
several admins can exist but they can only see and/or manipulate 
resources (VMs, storage, networks) assigned to them.
By making use of a generic AC-module approach where actions get passed 
through, arbitrarily complex access control can be enforced, since the 
AC-module could implement/interface different schemes of granting/denying 
access depending on which enforcement policy is to be used.
One could for example use SELinux as a scheme to enable RBAC and/or tie it 
together with policies for sVirt.

An initial implementation step would be realizing the AC-module foundation 
and starting with moving out the RW/RO enforcement (currently residing 
within libvirt.c) as a first basic enforcement scheme.


Freundliche Grüsse / Best regards


Konrad Eriksson
Research Software Engineer
Trusted Computing / Security & Assurance

Email: kon at zurich.ibm.com
Phone: +41 (0)44 724 84 28 

IBM Zurich Research Laboratory

Saeumerstrasse 4
8803 Rueschlikon
Switzerland 




From: "Daniel P. Berrange" <berrange at redhat.com>
To: Atsushi SAKAI <sakaia at jp.fujitsu.com>
Cc: Konrad Eriksson1 <KON at zurich.ibm.com>, libvir-list at redhat.com
Date: 01/16/2009 10:57 AM
Subject: Re: [libvirt] Fine grained Access Control in libVirt



On Fri, Jan 16, 2009 at 12:16:10PM +0900, Atsushi SAKAI wrote:
> Hi, Dan
> 
> Would you explain the difference with sVirt?
> The final goal of sVirt seems the same to me.
> (for example, define many security domain etc in .te file.)

At this stage sVirt is primarily about protecting guests from
each other, and protecting the host from guests.

Konrad's suggestions are about protecting guests/hosts from 
administrators, by providing more fine grained control over
what libvirt APIs an admin can invoke & on what objects.

Both bits of work are required & are complementary to each other.

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
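
A minimal sketch of the AC-module idea described in Konrad's message, added here as an illustration and not code from libvirt or from this thread: every action passes through one check function that consults a chain of pluggable schemes, with the RW/RO rule as the first scheme and a per-tenant ownership rule as the second. All type and function names are hypothetical, and the sample request is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* All names here are hypothetical; none are libvirt APIs. */
enum ac_verdict { AC_DENY = 0, AC_ALLOW = 1 };

struct ac_request {
    const char *admin;     /* authenticated caller */
    const char *owner;     /* tenant the object is assigned to */
    int         modifies;  /* 1 if the API call changes state */
    int         conn_ro;   /* 1 if the connection was opened read-only */
};

typedef enum ac_verdict (*ac_scheme)(const struct ac_request *);

/* Scheme 1: the existing RW/RO rule, expressed as a module. */
static enum ac_verdict ac_scheme_rwro(const struct ac_request *r)
{
    return (r->modifies && r->conn_ro) ? AC_DENY : AC_ALLOW;
}

/* Scheme 2: multi-tenancy, admins only touch objects assigned to them. */
static enum ac_verdict ac_scheme_tenant(const struct ac_request *r)
{
    if (!r->admin || !r->owner)
        return AC_DENY;                 /* fail closed on missing identity */
    return strcmp(r->admin, r->owner) == 0 ? AC_ALLOW : AC_DENY;
}

/* Single choke point: every scheme in the chain must allow the action. */
static enum ac_verdict ac_check(const ac_scheme *chain, size_t n,
                                const struct ac_request *r)
{
    if (!chain || n == 0 || !r)
        return AC_DENY;                 /* no policy loaded means no access */
    for (size_t i = 0; i < n; i++)
        if (chain[i](r) != AC_ALLOW)
            return AC_DENY;
    return AC_ALLOW;
}

static const ac_scheme ac_chain[] = { ac_scheme_rwro, ac_scheme_tenant };

int main(void)
{
    struct ac_request r = { "alice", "bob", 0, 0 };  /* constructed sample */
    printf("alice reads bob's VM: %s\n",
           ac_check(ac_chain, 2, &r) == AC_ALLOW ? "allow" : "deny");
    return 0;
}
```

Because the chain is just an array of function pointers, a further scheme (for example one backed by SELinux, as the message suggests) would be added as another entry without changing the call sites.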

