[libvirt] Re: [Patch][RFC] Fine grained access control in libvirt by rbac (0/3)

Konrad Eriksson1 KON at zurich.ibm.com
Mon Jan 26 15:19:14 UTC 2009


Yes, we're looking into adding similar form of access control in libvirt.

The approach we're looking at is to inject AC as a module that intercepts 
calls from the libvirt core (libvirt.c) to the drivers.
Reason:
* AC module can be loaded/unloaded on the fly without need to recompile 
(can support several different AC-modules and load the appropriate one 
during "connect").
* Making use of (semi-stable) API between libvirt core and drivers (also 
hypervisor/storage/network driver independent)
   * Being in the call-path also enables AC-module to alter return values 
(such as filtering lists of VMs/NETs/Storages based on access rights)
* Minimal code changes in existing libvirt code (basically a one-liner in 
libvirt.c to inject AC)

What still is an issue is how to correctly get the identity of the user, 
especially over remote connection.
I guess you have the same problem? (you're only allowing local usage for 
now).
The best way would be to link some user-auth data with the virConnectPtr, 
but becomes a bit trickier when authentication is done prior (like in 
remote case) to virConnectOpen.

You implemented your own RBAC language to describe the AC-policies.
Have you looked at possibility to link with already existing RBAC 
mechanisms for Linux (like SELinux or maybe simpler AC-libs)?


Freundliche Grüsse / Best regards


Konrad Eriksson
Trusted Computing / Security & Assurance

Email: kon at zurich.ibm.com
Phone: +41 (0)44 724 84 28 

IBM Zurich Research Laboratory
www.zurich.ibm.com
Saeumerstrasse 4
8803 Rueschlikon
Switzerland 




From:
Syunsuke HAYASHI <syunsuke at jp.fujitsu.com>
To:
libvir-list at redhat.com
Cc:
Konrad Eriksson1 <KON at zurich.ibm.com>, berrange at redhat.com, Atsushi SAKAI 
<sakaia at jp.fujitsu.com>, INAKOSHI Hiroya <inakoshi.hiroya at jp.fujitsu.com>
Date:
01/26/2009 11:25 AM
Subject:
[Patch][RFC] Fine grained access control in libvirt by rbac (0/3)



The series of patches introduces a fine grained access control to
libvirt.  They enable libvirt to enforce users what operations to invoke
in role-based way.  Our team found that Konrad and Daniel have similar
interest to ours.  Comments and suggestions are very welcome.

Patches:
 - Embedding hooks in libvirt (1/3)
 - Access control library (2/3)
 - Example policy files (3/3)







-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20090126/baf95b09/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 137 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20090126/baf95b09/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7917 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20090126/baf95b09/attachment-0001.bin>


More information about the libvir-list mailing list