On Thu, Jan 15, 2009 at 02:39:20PM +0100, Konrad Eriksson1 wrote:
When looking at the libvirt core and driver framework it seems promising to inject these kind of call-out hooks either in libvirt.c or between libvirt.c and the underlying drivers, by doing this AC will be enforced independent of if a local or remote call is done to libVirt.
In libvirt.c is probably easier ... And abstract out the read-only checks at the same time.
Feel free to comment and to come with improvement ideas.
All sounds good. There's a wiki page waiting to be filled in with the details here: http://wiki.libvirt.org/page/TodoFineGrainedSecurity Rich. -- Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones virt-p2v converts physical machines to virtual machines. Boot with a live CD or over the network (PXE) and turn machines into Xen guests. http://et.redhat.com/~rjones/virt-p2v