[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [virt-tools-list] Access to individual VMs



On Fri, Feb 19, 2010 at 07:32:52PM +0100, Emre Erenoglu wrote:
> On Thu, Feb 18, 2010 at 3:36 PM, Cole Robinson <crobinso redhat com> wrote:
> 
> > On 02/17/2010 05:55 PM, Dennis J. wrote:
> > > Hi,
> > > Is it possible to provide access to individual VMs using virsh or
> > > virt-manager? What I'm specifically trying to do is to give users the
> > > ability to shutdown/destroy/start their own virtual machines in case the
> > VM
> > > hangs. Is this possible?
> > >
> >
> > Not at this time, the required support is missing at the libvirt level,
> > it's really all or nothing
> >
> > Having users use the qemu:///session libvirt connection, they can each
> > have their own VMs run as their own user, stored in the their homedir,
> > but there are technical limitations: no use of bridged networking, VMs
> > can't be autostarted, among others.
> >
> 
> So in this case, do I understand right that if someone would write another
> layer of authentication system that would "do stuff as root" on behalf of
> that authenticated user but to the limit of his permissions (ie reaching a
> specific VM), that would do it.

You'd have to wrap all the libvirt tools / APIs if you did it as another
layer. What we'd like to see long term is for libvirt to get direct support
for role based access control / fine-grained authorization. This would let
admins directly delegate access to VMs to users, allowing them to use all
the normal libvirt tools. This is quite a large amount of work, so its not
going to arrive soon


Daniel
-- 
|: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org        -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]