[libvirt] Re: [Patch][RFC] Fine grained access control in libvirt by rbac (0/3)
Konrad Eriksson1
KON at zurich.ibm.com
Mon Jan 26 15:19:14 UTC 2009
Yes, we're looking into adding similar form of access control in libvirt.
The approach we're looking at is to inject AC as a module that intercepts
calls from the libvirt core (libvirt.c) to the drivers.
Reason:
* AC module can be loaded/unloaded on the fly without need to recompile
(can support several different AC-modules and load the appropriate one
during "connect").
* Making use of (semi-stable) API between libvirt core and drivers (also
hypervisor/storage/network driver independent)
* Being in the call-path also enables AC-module to alter return values
(such as filtering lists of VMs/NETs/Storages based on access rights)
* Minimal code changes in existing libvirt code (basically a one-liner in
libvirt.c to inject AC)
What still is an issue is how to correctly get the identity of the user,
especially over remote connection.
I guess you have the same problem? (you're only allowing local usage for
now).
The best way would be to link some user-auth data with the virConnectPtr,
but becomes a bit trickier when authentication is done prior (like in
remote case) to virConnectOpen.
You implemented your own RBAC language to describe the AC-policies.
Have you looked at possibility to link with already existing RBAC
mechanisms for Linux (like SELinux or maybe simpler AC-libs)?
Freundliche Grüsse / Best regards
Konrad Eriksson
Trusted Computing / Security & Assurance
Email: kon at zurich.ibm.com
Phone: +41 (0)44 724 84 28
IBM Zurich Research Laboratory
www.zurich.ibm.com
Saeumerstrasse 4
8803 Rueschlikon
Switzerland
From:
Syunsuke HAYASHI <syunsuke at jp.fujitsu.com>
To:
libvir-list at redhat.com
Cc:
Konrad Eriksson1 <KON at zurich.ibm.com>, berrange at redhat.com, Atsushi SAKAI
<sakaia at jp.fujitsu.com>, INAKOSHI Hiroya <inakoshi.hiroya at jp.fujitsu.com>
Date:
01/26/2009 11:25 AM
Subject:
[Patch][RFC] Fine grained access control in libvirt by rbac (0/3)
The series of patches introduces a fine grained access control to
libvirt. They enable libvirt to enforce users what operations to invoke
in role-based way. Our team found that Konrad and Daniel have similar
interest to ours. Comments and suggestions are very welcome.
Patches:
- Embedding hooks in libvirt (1/3)
- Access control library (2/3)
- Example policy files (3/3)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20090126/baf95b09/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 137 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20090126/baf95b09/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7917 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20090126/baf95b09/attachment-0001.bin>
More information about the libvir-list
mailing list