[libvirt] Per-VM access control

Jan Kasprzak kas at fi.muni.cz
Fri Feb 13 13:12:46 UTC 2009


	Hello,

is it possible to run libvirt as a "hosting-like" environment?
we would like to provide virtual machines for our users, but we would
like them to be able to reset/reboot/poweroff only their own VMs,
connect to the serial console of their own VMs only, and even maybe
connect to the graphical console of their own VMs.

	Is it possible with libvirt, and without giving them shell access
to the hosting machine?

	For the serial console, I thought about creating a ssh-only
account with hardcoded "virsh console <their_machine_name>" command,
but "virsh console" can be escaped from using ^], so this is not secure
- this way they would be able to get access to other VMs as well.

	Thanks,

-Yenya

-- 
| Jan "Yenya" Kasprzak  <kas at {fi.muni.cz - work | yenya.net - private}> |
| GPG: ID 1024/D3498839      Fingerprint 0D99A7FB206605D7 8B35FCDE05B18A5E |
| http://www.fi.muni.cz/~kas/    Journal: http://www.fi.muni.cz/~kas/blog/ |
>>  If you find yourself arguing with Alan Cox, you’re _probably_ wrong.  <<
>>     --James Morris in "How and Why You Should Become a Kernel Hacker"  <<




More information about the libvir-list mailing list