On Thu, Jan 15, 2009 at 02:39:20PM +0100, Konrad Eriksson1 wrote:
> When looking at the libvirt core and driver framework it seems promising
> to inject these kind of call-out hooks either in libvirt.c or between
> libvirt.c and the underlying drivers, by doing this AC will be enforced
> independent of if a local or remote call is done to libVirt.

In libvirt.c is probably easier ... And abstract out the read-only
checks at the same time.

> Feel free to comment and to come with improvement ideas.

All sounds good. There's a wiki page waiting to be filled in with
the details here:
http://wiki.libvirt.org/page/TodoFineGrainedSecurity
Rich.
--
Richard Jones, Emerging Technologies, Red Hat
http://et.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v