[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

[libvirt] Re: [Patch][RFC] Fine grained access control in libvirt by rbac (0/3)

From: Konrad Eriksson1 <KON zurich ibm com>
To: Syunsuke HAYASHI <syunsuke jp fujitsu com>
Cc: libvir-list redhat com
Subject: [libvirt] Re: [Patch][RFC] Fine grained access control in libvirt by rbac (0/3)
Date: Mon, 26 Jan 2009 16:19:14 +0100

Yes, we're looking into adding similar form of access control in libvirt.

The approach we're looking at is to inject AC as a module that intercepts calls from the libvirt core (libvirt.c) to the drivers.
Reason:
* AC module can be loaded/unloaded on the fly without need to recompile (can support several different AC-modules and load the appropriate one during "connect").
* Making use of (semi-stable) API between libvirt core and drivers (also hypervisor/storage/network driver independent)
* Being in the call-path also enables AC-module to alter return values (such as filtering lists of VMs/NETs/Storages based on access rights)
* Minimal code changes in existing libvirt code (basically a one-liner in libvirt.c to inject AC)

What still is an issue is how to correctly get the identity of the user, especially over remote connection.
I guess you have the same problem? (you're only allowing local usage for now).
The best way would be to link some user-auth data with the virConnectPtr, but becomes a bit trickier when authentication is done prior (like in remote case) to virConnectOpen.

You implemented your own RBAC language to describe the AC-policies.
Have you looked at possibility to link with already existing RBAC mechanisms for Linux (like SELinux or maybe simpler AC-libs)?

Freundliche Grüsse / Best regards

Konrad Eriksson
Trusted Computing / Security & Assurance

Email: kon zurich ibm com
Phone: +41 (0)44 724 84 28

IBM Zurich Research Laboratory
www.zurich.ibm.com
Saeumerstrasse 4
8803 Rueschlikon
Switzerland

From:	Syunsuke HAYASHI <syunsuke jp fujitsu com>
To:	libvir-list redhat com
Cc:	Konrad Eriksson1 <KON zurich ibm com>, berrange redhat com, Atsushi SAKAI <sakaia jp fujitsu com>, INAKOSHI Hiroya <inakoshi hiroya jp fujitsu com>
Date:	01/26/2009 11:25 AM
Subject:	[Patch][RFC] Fine grained access control in libvirt by rbac (0/3)

The series of patches introduces a fine grained access control to libvirt. They enable libvirt to enforce users what operations to invoke in role-based way. Our team found that Konrad and Daniel have similar interest to ours. Comments and suggestions are very welcome. Patches: - Embedding hooks in libvirt (1/3) - Access control library (2/3) - Example policy files (3/3)

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- [libvirt] Re: [Patch][RFC] Fine grained access control in libvirt by rbac (0/3)
  - From: Daniel P. Berrange
- [libvirt] Re: [Patch][RFC] Fine grained access control in libvirt by rbac (0/3)
  - From: INAKOSHI Hiroya

References:
- [libvirt] [Patch][RFC] Fine grained access control in libvirt by rbac (0/3)
  - From: Syunsuke HAYASHI

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]