[libvirt] How to intercept the VM start event and run the identity check

Daniel P. Berrange berrange at redhat.com
Tue Sep 24 09:09:25 UTC 2013


On Tue, Sep 24, 2013 at 09:04:00AM +0000, Исаев Виталий Анатольевич wrote:
> Dear developers!
> 
> We are working on the project based on Red Hat Enterprise Virtualisation and Red Hat Identity Management. RHEV environment will be deployed in protected internal enterprise network. Now we are developing special admin tools in order to extend functionality of RHEL IdM and we are faced with a rather difficult problem... The system should meet the increased demands of informational security, so what we are trying to implement is:
> 
> 
> 1.       Intercept the event of user's VM start on the RHEL Hypervisor;
> 
> 2.       Suspend the VM;
> 
> 3.       Mount VM's disk to Hypervisor (or some other VM, for instance, admin's VM);

If you care about security, *never* mount guest filesystems on the
host OS, or any other important VM. You want to use a throwaway VM,
or better yet, use libguestfs

 http://libguestfs.org/guestfs.3.html#security-of-mounting-filesystems

> 
> 4.       Check the integrity of the VM's system files (count md5sum etc.)
> 
> 5.       Unmount disk;
> 
> 6.       If verification is passed, start the VM, else - power off and disable VM till the decision of administrator.
> 
> Is there any opportunity to implement this within the libvirt API?

Libvirt has hooks that are run prior to starting a VM

  http://libvirt.org/hooks.html

but you must not make any calls to libvirt from a hook, and hooks should
be very short scripts/fast to execute, since they are synchronous with
libvirt execution.

IMHO the scenario you describe is probably better implemented at the
RHEV level of the stack


Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
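One way to follow the constraints Daniel lays out for hooks (short, synchronous, no calls back into libvirt) while still gating a start on an integrity verdict: an added example, not code from this thread or from libvirt, of a `qemu` hook script that only reads a marker left by a separate verification service (which could mount the disk via libguestfs, as suggested). The argument order and the "prepare/begin" call before start follow the libvirt hooks documentation linked above; the marker directory, the `.verified` file convention and the installed path are assumptions.

```shell
#!/bin/sh
# Hypothetical /etc/libvirt/hooks/qemu: gate a domain start on an out-of-band
# verification verdict. The hook never calls libvirt and does no heavy work;
# the integrity check itself runs elsewhere (e.g. with libguestfs) and records
# its result as a marker file. The marker layout below is an assumption.

APPROVAL_DIR="${APPROVAL_DIR:-/var/lib/vm-integrity/approved}"

log() { logger -t vm-integrity "$*" 2>/dev/null || :; }

# verdict_for NAME DIR: prints "allow" or "deny" and returns 0 or 1.
# NAME must be a bare domain name so a crafted name cannot escape DIR.
verdict_for() {
    name=$1; dir=$2
    case "$name" in
        ''|*/*|.*) echo deny; return 1 ;;
    esac
    marker="$dir/$name.verified"
    # Require a regular file (not a symlink) whose first line is the domain name,
    # so a marker cannot be re-pointed or reused for a renamed domain.
    if [ -f "$marker" ] && [ ! -L "$marker" ] \
       && [ "$(head -n 1 "$marker")" = "$name" ]; then
        echo allow; return 0
    fi
    echo deny; return 1
}

# hook_main DOMAIN OPERATION SUB-OPERATION [EXTRA]; libvirt passes the domain
# XML on stdin, which this hook does not need but must drain.
hook_main() {
    domain=$1; op=$2; sub=$3
    cat >/dev/null
    case "$op/$sub" in
        prepare/begin)
            if verdict_for "$domain" "$APPROVAL_DIR" >/dev/null; then
                log "allowing start of $domain"
                return 0
            fi
            log "denying start of $domain: no valid verification marker"
            return 1   # non-zero exit makes libvirt abort the start
            ;;
        *) return 0 ;;
    esac
}

# Dispatch only when run as the installed hook, not when sourced.
case "$0" in
    */qemu) hook_main "$@"; exit $? ;;
esac
```

The verification service that writes the markers is where the slow work (suspend, inspect via libguestfs, checksum, decide) belongs, so the hook itself stays fast and never blocks libvirt.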