[libvirt] Question about more finer access control permission on libvirt

Atsushi SAKAI sakaia at jp.fujitsu.com
Fri May 16 01:36:09 UTC 2008


Hi, Dan

Thank you for commenting on this.
I am relieved to hear this.
I also agree this issue has many tasks.

p.s.
I want to know the possibility of fine grained access control in libvirt,
since our young guy is investigating the access control in Dom0-Xen.

Thanks
Atsushi SAKAI


"Daniel P. Berrange" <berrange at redhat.com> wrote:

> On Fri, May 09, 2008 at 09:49:19AM +0900, Atsushi SAKAI wrote:
> > I have a question about libvirt with Polkit.
> > Currently, the libvirt w/ Polkit has 2 access control permissions.
> > (Read Only and Read Write)
> > 
> > Have you planned to make the access control finer?
> > In my use case, policy should be defined by domain, operation, operator.
> > Of course, operator is already considered on current libvirt w/ Polkit.
> > So at this point, it needs to add domain and operation policy.
> > 
> > The use case is for many (about 100 or more) domain operations.
> > 
> > I just want to know how to minimize granting access control permission 
> > of each user on libvirt in future.
> 
> PolicyKit at this time is only used to authenticate local access from
> applications running in the host's desktop session. While it allows
> you to make up many fine grained permissions, it doesn't let you dynamically
> associate the permissions with individual objects. e.g. there is a policykit
> check to determine whether a user is allowed to mount removable disks - that
> applies to all removable disks - you can say disk A, but not disk B.
> 
> While we could add lots more privileges than just read-write and read-only
> this would only get us part way to where we really need to be. The ideal
> goal is that we can have fine grained privileges applied to individual 
> virtual machines, storage pools, networks, etc. The only framework that
> really comes close to this level of flexibility is SELinux, so one of the
> long term TODO items is to investigate whether we can integrate with SELinux
> for fine grained access control.
> 
> As an example DBus uses SELinux to control who can access services on the
> system bus, and what actions they can perform. Another example is SEPostgresql
> which uses SELinux to control access to individual tuples & columns in the
> database. So it is clearly able to provide the flexibility we need and scales
> to huge performance critical applications such as databases. This doesn't
> make it a quick or easy task to use in libvirt though. It'll involve a lot
> of thought, design & development.
> 
> In the mean time, it is possible that PolicyKit might actually gain the 
> ability to apply authorization to individual objects, and also gain ability
> to use SELinux as its underlying policy engine. So we have to watch what
> happens there too.
> 
> There's not really any firm timeline for any of this work, but it's stuff 
> we definitely want to get into libvirt.
> 
> Dan.
> -- 
> |: Red Hat, Engineering, Boston   -o-   http://people.redhat.com/berrange/ :|
> |: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
> |: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
> |: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
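
The contrast discussed in this thread, as an added example that is not part of either message and is not libvirt, PolicyKit or SELinux code: action-only grants that cannot name an object, next to label-based rules that cover the operator, domain and operation for about 100 domains with a handful of rules. Every user, role, label, domain and operation name below is a hypothetical value constructed for the illustration.

```python
# Added illustration: a toy authorization model, not a real libvirt/PolicyKit/SELinux API.
# All users, roles, labels, domain names and operations are constructed sample values.

# Model 1: action-only grants, as the thread describes PolicyKit at the time.
# A grant names a user and an action; it has no way to name an object.
ACTION_GRANTS = {("alice", "read-write"), ("bob", "read-only")}

def action_only_allowed(user, action, domain):
    # 'domain' is deliberately ignored: the grant applies to every domain alike.
    return (user, action) in ACTION_GRANTS

# Model 2: label-based rules (the general shape of SELinux type enforcement).
# Users map to roles, domains carry a label, and a rule joins role, label, operation.
USER_ROLE = {"alice": "web_admin", "bob": "db_operator"}
DOMAIN_LABEL = {f"web{i:03d}": "web_vm" for i in range(60)}
DOMAIN_LABEL.update({f"db{i:03d}": "db_vm" for i in range(40)})
RULES = {
    ("web_admin", "web_vm", "start"),
    ("web_admin", "web_vm", "shutdown"),
    ("web_admin", "web_vm", "define"),
    ("db_operator", "db_vm", "start"),
    ("db_operator", "db_vm", "shutdown"),
}

def labelled_allowed(user, operation, domain):
    role = USER_ROLE.get(user)
    label = DOMAIN_LABEL.get(domain)
    if role is None or label is None:
        return False  # default deny for unknown users and unlabelled domains
    return (role, label, operation) in RULES

def reachable_domains(check, user, operation):
    # Every domain the given check lets this user perform the operation on.
    return sorted(d for d in DOMAIN_LABEL if check(user, operation, d))

if __name__ == "__main__":
    # Action-only: one grant reaches all 100 domains.
    print(len(reachable_domains(action_only_allowed, "alice", "read-write")))
    # Label-based: five rules scope each operator to one class of domain.
    print(len(reachable_domains(labelled_allowed, "alice", "shutdown")))
    print(len(reachable_domains(labelled_allowed, "bob", "shutdown")))
    print(labelled_allowed("bob", "define", "db007"))
```

Adding a domain in the second model means assigning it a label, not writing new per-user grants, which is what keeps the policy small as the number of domains grows.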