[libvirt] how to get started with libvirt & central access control

Quite new to libvirt (and kvm). I played with a few vm's with libvirt/kvm and vnc/virsh/virt-manager. I would now like to implement access control for my vm's (of any format: xen, kvm, etc) to a remote backend (mysql/ldap/other). Where does one begin? I would later want to do the same but in the context of a cluster of hosts (each running multiple vm's). Thanks in advance for any advice.

/juan

On Sun, Dec 07, 2008 at 10:40:14AM -0500, Juan Miscaro wrote:
> Quite new to libvirt (and kvm). I played with a few vm's with libvirt/kvm and vnc/virsh/virt-manager. I would now like to implement access control for my vm's (of any format: xen, kvm, etc) to a remote backend (mysql/ldap/other). Where does one begin? I would later want to do the same but in the context of a cluster of hosts (each running multiple vm's). Thanks in advance for any advice.
>
> /juan

Hi Juan. You might have a look at oVirt (http://ovirt.org), our virtualization management project. Although it doesn't work with Xen yet, it does use FreeIPA and LDAP for access control.

Good luck,
--Hugh

On Sun, Dec 07, 2008 at 10:40:14AM -0500, Juan Miscaro wrote:
> Quite new to libvirt (and kvm). I played with a few vm's with libvirt/kvm and vnc/virsh/virt-manager. I would now like to implement access control for my vm's (of any format: xen, kvm, etc) to a remote backend (mysql/ldap/other). Where does one begin? I would later want to do the same but in the context of a cluster of hosts (each running multiple vm's). Thanks in advance for any advice.

libvirt does not currently apply any fine grained access controls over objects it manages. The only access control is done at the time the virConnectPtr object is created, either based on your UNIX userid, or PolicyKit, or Kerberos/SASL, or SSL/x509. We may add fine grained access control over objects in the future, but there's no ETA for that. In the meantime such checks would be done in your application.

Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
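
The reply above says per-object checks have to live in the application. One way to structure such a check, added here as an illustration and not code from libvirt or from anyone in the thread: the policy table, user names and domain names are constructed, `GuardedConnection` is a hypothetical wrapper, and `conn` is assumed to be an already-opened connection from the libvirt Python bindings, with `user` being an identity the application has already authenticated.

```python
import logging

log = logging.getLogger("vm-acl")

# Constructed policy: user -> domain name -> permitted actions.
# Assumption: a real deployment would fetch this from the LDAP/MySQL backend.
POLICY = {
    "alice": {"web01": {"start", "shutdown", "info"}},
    "bob": {"web01": {"info"},
            "db01": {"start", "shutdown", "destroy", "info"}},
}

# Action name -> virDomain method in the libvirt Python bindings.
ACTIONS = {"start": "create", "shutdown": "shutdown",
           "destroy": "destroy", "info": "info"}


class AccessDenied(Exception):
    """Raised when the policy does not grant the requested action."""


def is_allowed(user, domain, action, policy=POLICY):
    """Default deny: an unknown user, domain or action is refused."""
    return action in ACTIONS and action in policy.get(user, {}).get(domain, set())


class GuardedConnection:
    """Hypothetical wrapper: authorizes each (user, domain, action) in the app,
    because libvirt itself only authenticates when the connection is opened."""

    def __init__(self, conn, policy=POLICY):
        self._conn = conn          # e.g. libvirt.open("qemu:///system")
        self._policy = policy

    def perform(self, user, domain, action):
        # Decide before touching libvirt, so a denied caller cannot even
        # learn whether the domain exists.
        if not is_allowed(user, domain, action, self._policy):
            log.warning("DENY user=%s domain=%s action=%s", user, domain, action)
            raise AccessDenied(f"{user} may not {action} {domain}")
        log.info("ALLOW user=%s domain=%s action=%s", user, domain, action)
        dom = self._conn.lookupByName(domain)
        return getattr(dom, ACTIONS[action])()
```

Only the wrapper should hold the libvirt connection; end users authenticate to the application, not to libvirtd, so the connection-time controls listed in the reply can be restricted to the application's own account.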
participants (3)
- Daniel P. Berrange
- Hugh O. Brock
- Juan Miscaro