We are working on the project based on Red Hat Enterprise Virtualisation and Red Hat Identity Management. RHEV environment will be deployed in protected internal enterprise network. Now we are developing special admin tools in order to extend functionality of RHEL IdM and we faced with a rather difficult problem… The system should meet the increased demands of informational security, so what we are trying to implement is:
1. Intercept the event of user’s VM start on the RHEL Hypervisor;
2. Suspend the VM;
3. Mount VM’s disk to Hypervisor (or some other VM, for instance, admin’s VM);
4. Check the integrity of the VM’s system files (count md5sum etc.)
5. Unmount disk;
6. If verification is passed, start the VM, else – power off and disable VM till the decision of administrator.
Is there any opportunity to implement this within the libvirt API?
“Fintech” JSC, Moscow, Russia