Re: [libvirt] Fine grained Access Control in libVirt
On Fri, Jan 16, 2009 at 12:16:10PM +0900, Atsushi SAKAI wrote:
Hi, Dan
Would you explain the difference with sVirt?
The final goal sVirt seems same form me.
(for example, define many security domain etc in .te file.)
At this stage sVirt is primarily about protecting guests from
each other, and protecting the host from guests.
Konrad's suggestions are about protecting guests/hosts from
administrators, by providing more fine grained control over
what libvirt APIs an admin can invoke & on what objects.
Both bits of work are required & are complementary to each other
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|