[libvirt] Question about more finer access control permission on libvirt
Daniel P. Berrange
berrange at redhat.com
Fri May 16 14:03:13 UTC 2008
On Fri, May 16, 2008 at 10:36:09AM +0900, Atsushi SAKAI wrote:
> Hi, Dan
>
> Thank you for commenting this.
> I am eased to hear this.
> I also agrees this issue has many task.
>
> p.s.
> I want to know the possibility of fine grained access control in libvirt,
> since our young guy is investigating the access control in Dom0-Xen.
For the libvirt MAC / fine grained ACL stuff I'm talking about, I don't want
us to build something that is tied / specific to Xen. The goal in the work
should be to build the support such that it can reasonably apply to all the
drivers in libvirt, so we get coverage across Xen, KVM, LXC, etc. Perhaps it
might integrate with the Xen XSM support, but its too early to say whether
XSM will be useful or not. KVM of course is just a user space process like
any other, so it is trivially secured with existing SELinux support.
Regards,
Daniel.
--
|: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
More information about the libvir-list
mailing list