On Tue, Sep 24, 2013 at 09:04:00AM +0000, Исаев Виталий Анатольевич wrote:
> Dear developers!
> We are working on the project based on Red Hat Enterprise Virtualisation and Red Hat
> Identity Management. RHEV environment will be deployed in protected internal enterprise
> network. Now we are developing special admin tools in order to extend functionality of
> RHEL IdM and we faced with a rather difficult problem... The system should meet the
> increased demands of informational security, so what we are trying to implement is:
> 1. Intercept the event of user's VM start on the RHEL Hypervisor;
> 2. Suspend the VM;
> 3. Mount VM's disk to Hypervisor (or some other VM, for instance, admin's
> VM);

If you care about security, *never* mount guest filesystems on the
host OS, or any other important VM. You want to use a throwaway VM,
or better yet, use libguestfs

  http://libguestfs.org/guestfs.3.html#security-of-mounting-filesystems

> 4. Check the integrity of the VM's system files (count md5sum etc.)
> 5. Unmount disk;
> 6. If verification is passed, start the VM, else - power off and disable VM till
> the decision of administrator.
> Is there any opportunity to implement this within the libvirt API?

Libvirt has hooks that are run prior to starting a VM

  http://libvirt.org/hooks.html

but you must not make any calls to libvirt from a hook, and hooks should
be very short scripts/fast to execute, since they are synchronous with
libvirt execution.

IMHO the scenario you describe is probably better implemented at the
RHEV level of the stack

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
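
One way to keep a libvirt hook short and free of libvirt calls, as the reply asks, is to have it only read a verdict that a separate verifier produced beforehand. This is an added example, not code from the thread or from libvirt; the `VERDICT_DIR` path, the `<guest>.verdict` file and its `pass`/`fail` contents are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: gate logic for a libvirt qemu hook (/etc/libvirt/hooks/qemu).
# libvirt runs the hook as: qemu <guest_name> <operation> <sub-operation> <extra>
# and aborts guest startup if the "prepare" or "start" operation exits non-zero.
#
# Assumption (not from the thread): an out-of-band verifier inspects the guest
# disk (for example with libguestfs) and writes "pass" or "fail" to
# $VERDICT_DIR/<guest_name>.verdict before the guest is started.

VERDICT_DIR="${VERDICT_DIR:-/var/lib/vm-integrity}"   # hypothetical location

# gate_start GUEST OPERATION SUBOP -> returns 0 to allow, 1 to deny
gate_start() {
    guest=$1 op=$2 subop=$3

    # Only gate the earliest startup phase; let every other event through.
    [ "$op" = "prepare" ] && [ "$subop" = "begin" ] || return 0

    # Reject names that could escape VERDICT_DIR.
    case $guest in
        ""|*/*|.*) echo "integrity gate: bad guest name" >&2; return 1 ;;
    esac

    verdict_file="$VERDICT_DIR/$guest.verdict"
    # Fail closed: a missing verdict or a symlink means the guest does not start.
    if [ -L "$verdict_file" ] || [ ! -f "$verdict_file" ]; then
        echo "integrity gate: no verdict for $guest" >&2
        return 1
    fi

    verdict=""
    read -r verdict < "$verdict_file" || true
    # One-shot: consume the verdict so the next start needs a fresh check.
    rm -f -- "$verdict_file"

    [ "$verdict" = "pass" ] && return 0
    echo "integrity gate: verdict for $guest is '${verdict:-empty}'" >&2
    return 1
}

# When installed as the hook, libvirt supplies the arguments.
if [ "$#" -ge 3 ]; then
    gate_start "$1" "$2" "$3"
    exit $?
fi
```

The hook does no disk inspection itself, so it stays fast; the slow integrity check runs elsewhere, in a throwaway VM or libguestfs appliance.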