On Tue, 2011-01-04 at 16:22 +0000, Daniel P. Berrange wrote:
> Well I'd like us to have fine grained access control across users,
> objects & operations, probably using the role based access control
> model. Once you have such fine grained access control, then I
> don't believe you have a clear-cut boundary between users of libvirtd
> and users of VNC. E.g., you may well give the VNC admin access to the
> 'virDomainDestroy' and 'virDomainStart' commands for his own domains,
> but not other people's domains. So I think we should think about the
> solution to the authorization problem for both libvirtd & VNC at the
> same time.

Have you got an RBAC library in mind that would take the group
management outside of libvirt (like SASL does for authentication), or
does it all need building?
Neil