Re: [libvirt-users] Libvirt access control drivers
Ok, excuse me for misunderstanding, how it is possible then to set up
access control when I use remote connection to KVM ( not in UNIX domain)?
Is there any way within libvirt, maybe based on authentication or
certificates?
2018-05-09 11:14 GMT+03:00 Daniel P. Berrangé <berrange(a)redhat.com>:
On Wed, May 09, 2018 at 11:13:01AM +0300, Anastasiya Ruzhanskaya
wrote:
> I read this page https://libvirt.org/aclpolkit.html
> And it is written :"At this point in time, the only attribute provided by
> libvirt to identify the user invoking the operation is the PID of the
> client program. This means that the polkit access control driver is only
> useful if connections to libvirt are restricted to its UNIX domain
socket."
You're mis-interpreted what that means. Libvirt provides the PID to polkit
(well actually pid + starttime), polkit uses this to identify the process
and determine its username and group membership, which is then used to
make access control decisions.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/
dberrange :|
|: https://libvirt.org -o-
https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/
dberrange :|
Attachments:
- attachment.html (text/html — 2.2 KB)