[libvirt] Implementing VNC per VM access control lists

Neil Wilson neil at brightbox.co.uk
Tue Jan 4 09:15:28 UTC 2011


On Mon, 2011-01-03 at 09:19 -0500, Stefan Berger wrote:

> One issue is probably around migration and the server
> (qemu-referenced) x509 certificates. If the certificates are embedded
> (rather than referenced) in the domain XML they will automatically
> migrate when the VM migrates, which is desirable. Otherwise migration
> becomes (again) problematic and layers above libvirt would have to
> take care of their migration.
> 
> 
> The VNC session will still be lost due to the change of host and thus
> the IP address and the client user will need to learn about the new
> VNC port as well.

Don't you have the same problem at the moment with the existing per-host
SASL authentication?

I was more concerned with adding access list filters to the individual
VMs after the authentication has happened. And surely those would
migrate since they are contained within the configuration of the running
process?

I wasn't thinking of touching the authentication layer at all, more
adding an authorization filter layer.






