[libvirt] how to get started with libvirt & central access control

Daniel P. Berrange berrange at redhat.com
Mon Dec 8 17:00:20 UTC 2008


On Sun, Dec 07, 2008 at 10:40:14AM -0500, Juan Miscaro wrote:
> Quite new to libvirt (and kvm).  I played with a few vm's with
> libvirt/kvm and vnc/virsh/virt-manager.  I would now like to implement
> access control for my vm's (of any format: xen, kvm, etc) to a remote
> backend (mysql/ldap/other).  Where does one begin?  I would later want
> to do the same but in the context of a cluster of hosts (each running
> multiple vm's).  Thanks in advance for any advice.

libvirt does not currently apply any fine grained access controls over
objects it manages. The only access control is done at the time the
virConnectPtr object is created, either based on your UNIX userid,
or PolicyKit, or Kerberos/SASL, or SSL/x509.

We may add fine grained access control over objects in the future, but
there's no ETA for that. In the meantime such checks would be done in
your application.

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
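
Added example, not part of the message above and not libvirt's own code: one way an application can do the per-object checks itself, by keeping the single privileged connection inside a broker that applies a default-deny (user, domain, action) policy and records each decision before calling libvirt. The policy shape, the user and domain names, and the FakeConn/FakeDomain stand-ins are constructed for illustration; lookupByName, create, shutdown, destroy and info are the method names from the libvirt Python bindings.

```python
class AccessDenied(Exception):
    """Raised when policy does not grant the requested action."""

# Broker action -> virDomain method name in the libvirt Python bindings.
ACTIONS = {"start": "create", "stop": "shutdown", "kill": "destroy", "info": "info"}

class DomainBroker:
    """Owns the single privileged connection; callers only go through run()."""

    def __init__(self, conn, policy):
        self._conn = conn      # real use: libvirt.open("qemu:///system")
        self._policy = policy  # assumed shape: {user: {domain: {actions}}}
        self.audit = []        # (user, domain, action, decision) tuples

    def allowed(self, user, domain, action):
        # Default deny: unknown user, domain or action all fall through to False.
        granted = self._policy.get(user, {}).get(domain, set())
        return action in ACTIONS and action in granted

    def run(self, user, domain, action):
        ok = self.allowed(user, domain, action)
        self.audit.append((user, domain, action, "allow" if ok else "deny"))
        if not ok:
            # Decide before lookupByName so a denied caller learns nothing
            # about which domains exist on the host.
            raise AccessDenied(f"{user} may not {action} {domain}")
        dom = self._conn.lookupByName(domain)
        return getattr(dom, ACTIONS[action])()

# Constructed stand-ins so the example runs without a hypervisor.
class FakeDomain:
    def __init__(self):
        self.calls = []
    def __getattr__(self, name):
        # Record any virDomain-style call; 0 is a placeholder result.
        if name not in ACTIONS.values():
            raise AttributeError(name)
        return lambda: self.calls.append(name) or 0

class FakeConn:
    def __init__(self, names):
        self.domains = {n: FakeDomain() for n in names}
    def lookupByName(self, name):
        return self.domains[name]

# Constructed policy; a real deployment would load it from LDAP or SQL.
POLICY = {"alice": {"web01": {"start", "stop", "info"}}, "bob": {"web01": {"info"}}}
```

The broker only helps if end users cannot open their own connection to the same libvirt daemon, since the connection-time check is the only one libvirt itself applies.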



