[libvirt-users] Fine grained authorisation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi List, I am trying to provide a solution using KVM on RHEL for a number of technical staff sharing server resources. We would like to be able to "restrict" a number of guests from certain users to follow the principle of least privilege. So in short, is there a way of defining access to individual guests via libvirt / polkit or is read only / read write the best we can expect for the foreseeable future? Cheers, Sam -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) iF4EAREIAAYFAk/QWhsACgkQFdt86iEfl/cYagD9FGktnsqyGkfzXWkUyFtJmQc2 VX6ZG2iXmKD75R7c6IgA/j5WvnsXdBA6jPO9/WnX83CmmorPc9oRN6lpYTxXgkON =38VZ -----END PGP SIGNATURE-----
On 07.06.2012 09:37, Sam Wilson wrote:
Hi List,
I am trying to provide a solution using KVM on RHEL for a number of technical staff sharing server resources. We would like to be able to "restrict" a number of guests from certain users to follow the principle of least privilege.
So in short, is there a way of defining access to individual guests via libvirt / polkit or is read only / read write the best we can expect for the foreseeable future?
For now, the only users separation available is RO/RW access. However, we are working on more complex RBAC. There have been posted several patches as proof-of-concept: http://www.redhat.com/archives/libvir-list/2012-January/msg00907.html Michal
participants (2)
-
Michal Privoznik -
Sam Wilson