Yes, we're looking into adding similar form of access control in libvirt. The approach we're looking at is to inject AC as a module that intercepts calls from the libvirt core (libvirt.c) to the drivers. Reason: * AC module can be loaded/unloaded on the fly without need to recompile (can support several different AC-modules and load the appropriate one during "connect"). * Making use of (semi-stable) API between libvirt core and drivers (also hypervisor/storage/network driver independent) * Being in the call-path also enables AC-module to alter return values (such as filtering lists of VMs/NETs/Storages based on access rights) * Minimal code changes in existing libvirt code (basically a one-liner in libvirt.c to inject AC) What still is an issue is how to correctly get the identity of the user, especially over remote connection. I guess you have the same problem? (you're only allowing local usage for now). The best way would be to link some user-auth data with the virConnectPtr, but becomes a bit trickier when authentication is done prior (like in remote case) to virConnectOpen. You implemented your own RBAC language to describe the AC-policies. Have you looked at possibility to link with already existing RBAC mechanisms for Linux (like SELinux or maybe simpler AC-libs)? Freundliche Grüsse / Best regards <table width=100%> <tr valign=top> <td width=66% bgcolor=#4477bb>Konrad Eriksson Trusted Computing / Security & Assurance Email: <a href=mailto:kon@zurich.ibm.com>kon@zurich.ibm.com</a> Phone: +41 (0)44 724 84 28 <td width=33% bgcolor=#4477bb><img src=cid:_1_07DF11DC07DF0DDC00542780C125754A> IBM Zurich Research Laboratory <a href=http://www.zurich.ibm.com/>www.zurich.ibm.com</a> Saeumerstrasse 4 8803 Rueschlikon Switzerland </table> <table width=100%> <tr valign=top> <td>From: <td>Syunsuke HAYASHI <syunsuke@jp.fujitsu.com> <tr valign=top> <td>To: <td>libvir-list@redhat.com <tr> <td valign=top>Cc: <td>Konrad Eriksson1 <KON@zurich.ibm.com>, berrange@redhat.com, Atsushi SAKAI <sakaia@jp.fujitsu.com>, INAKOSHI Hiroya <inakoshi.hiroya@jp.fujitsu.com> <tr valign=top> <td>Date: <td>01/26/2009 11:25 AM <tr valign=top> <td>Subject: <td>[Patch][RFC] Fine grained access control in libvirt by rbac (0/3)</table> <hr noshade> <tt>The series of patches introduces a fine grained access control to libvirt. They enable libvirt to enforce users what operations to invoke in role-based way. Our team found that Konrad and Daniel have similar interest to ours. Comments and suggestions are very welcome. Patches: - Embedding hooks in libvirt (1/3) - Access control library (2/3) - Example policy files (3/3) </tt>