[libvirt] Shared desktop: grant permission to start/stop/pause/resume guests only
Thorsten Hesemeyer
Thorsten.Hesemeyer at gmx.de
Fri Apr 12 11:24:12 UTC 2013
Hi all,
for a shared desktop configuration, is there an option to grant the permission to start, stop, pause or resume the kvm guest only?
User roles in shared desktop environment configuration:
Power user - fully manage libvirt / KVM guests
Regular user - start, stop, pause and resume libvirt / KVM guests
In other words, we are looking for an opportunity to:
a) prevent regular users from modifying the libvirt / kvm guest but
b) enable them to start, stop, pause, resume libvirt / kvm guests
Currently I see two options:
a) No specific libvirt permission:
Regular users cannot start a virtual guest (without help).
If users forget to shutdown the kvm client and try to poweroff the Linux
system, they are asked for an admin/management user password to stop the
virtual machine. So they need help to shutdown their machine - not good.
b) Enable libvirt manage via policy kit:
"manage" permission can be granted via overruling the
default org.libvirt.unix.manage policy kit action.
The manage right enables to modify the libvirt / kvm guest, which is too much in our case.
Is there an option to grant the start/stop/pause/resume permission only? Does libvirt offer this kind of granularity?
Kind regards,
Thorsten Hesemeyer
More information about the libvir-list
mailing list