[libvirt] Implementing VNC per VM access control lists

[Neil Wilson]

Hi,

At the moment SASL VNC authentication in libvirt allows any of the
userids to access any of the VNC consoles on a particular libvirt host.
There is a section in the qemu_command code marked "TODO: Support ACLs
later" and we would really like the ability to have per VM user
authorization to the VNC console from within libvirt.

Essentially the people who are accessing the VNC consoles are not
administrators and have no access to the Host server - so these ACLs
need to be completely based on a separate list of userids to any access
mechanism for the libvirtd itself.

Given that the VNC restrictions are enforced within qemu from the
monitor system, I'm presuming the authorization list is going to have to
be passed in via XML and be capable of being updated throughout the life
of a VM session. Unless there's another way of doing it...

What's the feeling about how this feature should be provided within
libvirt? 

If there is somebody out there who has a bit of time at the moment and
fancies having a go at implementing this - and, of course, there is
agreement on a specification here - then we'd look at sponsoring them to
add the feature into Libvirt. Please put your hand up!

Regards,

Neil Wilson