[libvirt] Fine grained Access Control in libVirt

Daniel P. Berrange berrange at redhat.com
Fri Jan 16 09:57:22 UTC 2009

On Fri, Jan 16, 2009 at 12:16:10PM +0900, Atsushi SAKAI wrote:
> Hi, Dan
> Would you explain the difference with sVirt?
> The final goal sVirt seems same form me.
> (for example, define many security domain etc in .te file.)

At this stage sVirt is primarily about protecting guests from
each other, and protecting the host from guests.

Konrad's suggestions are about protecting guests/hosts from 
administrators, by providing more fine grained control over
what libvirt APIs an admin can invoke & on what objects.

Both bits of work are required & are complementary to each other

|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

More information about the libvir-list mailing list