[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] Question about more finer access control permission on libvirt

Hi, Dan

Thank you for commenting this.
I am eased to hear this.
I also agrees this issue has many task.

I want to know the possibility of fine grained access control in libvirt,
since our young guy is investigating the access control in Dom0-Xen.

Atsushi SAKAI

"Daniel P. Berrange" <berrange redhat com> wrote:

> On Fri, May 09, 2008 at 09:49:19AM +0900, Atsushi SAKAI wrote:
> > I have a question of libvirt with Polkit.
> > Currently, the libvirt w/ Polkit has 2 access control permissions.
> > (Read Only and Read Write)
> > 
> > Have you planned to expand the access control more finer?
> > In my use case, Policy should define by domain, operation, operator.
> > Of course, operator is already considered on current libvirt w/ Polkit.
> > So at this point, it needs to add domain and operation policy.
> > 
> > The use case is for many(about 100 or more) domain operation.
> > 
> > I just want to know how to minimize granting access control permission 
> > of each user on libvirt in future.
> PolicyKit at this time is only used to authenticate local access from
> applications running in the host's desktop session. While it allows
> you to make up many fine grained permissions, it doesn't let you dynamicaly
> associate the permissions with individual objects. eg there is a policykit
> check to determine whether a user is allowed to mount removable disks - that
> applies to all removal disks - you can say disk A, but not disk B.
> While we could add lots more privileges that just read-write and read-only
> this would only get us part way to where we really need to be. The ideal
> goal is that we can have fine grained privileges applied to individual 
> virtual machines, storage pools, networks, etc. The only framework that
> really comes close to this level of flexibility is SELinux, so one of the
> long term TODO items is to investigate whether we can integrate with SELinux
> for fine grained access control.
> As an example DBus uses SELinux to control who can access services on the
> system bus, and what actisons they can perform. Another example is SEPostgresql
> which uses SELinux to control accesss to individual tuples & colums in the
> database. So it is clearly able to provide the flexibility we need and scales
> to huge performance critical applications such as databases. This doesn't
> make it a quick or easy task to use in libvirt though. It'll involve alot
> of thought, design & development.
> In the mean time, it is possible that PolicyKit might actually gain the 
> ability to apply authorizaation to individual objects, and also gain ability
> to use SELinux as its underlying policy engine. So we have to watch what
> happens there too.
> There's not really any firm timeline for any of this work, but its stuff 
> we definitely want to get into libvirt
> Dan.
> -- 
> |: Red Hat, Engineering, Boston   -o-   http://people.redhat.com/berrange/ :|
> |: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
> |: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
> |: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]