[libvirt-users] Access to virtualization on a multi-user system
Soeren Malchow
soeren.malchow at mcon.net
Wed Jul 8 19:27:56 UTC 2015
The big question i have here is, why do the users have access to the
system with the hypervisor, why not only to the VMS.
Use something like ovirt or proxmox and you do not have that problem
anymore
On 22/06/15 08:20, "libvirt-users-bounces at redhat.com on behalf of
sbaugh at catern.com" <libvirt-users-bounces at redhat.com on behalf of
sbaugh at catern.com> wrote:
>
>Hi libvirt-users,
>
>I find myself wanting to do something that seems like it must have some
>obvious solution: I have multiple users (let's just assume local Unix
>accounts) on a Linux system, and I want them all to have access to
>KVM-accelerated virtualization. But, I don't want them to be able to
>meddle with each other's virtual machines. Is there a solution to this
>problem?
>
>Methods of attack that have occured to me:
>
>- Use PolicyKit to only allow a user to access qemu:///system VMs that
> are somehow marked as owned by that user
>- Run multiple libvirt qemu:///system daemons and restrict access to
> each on a per-user basis
>- Allow qemu:///session VMs to actually be KVM-accelerated (this seems
> like the best way to do it, but I have no idea if that's even
> possible)
>
>Again, the third seems like the best way, but I'm not sure of how to
>allow such VMs to be KVM-accelerated, and not sure if it's possible for
>them to use anything other than usermode networking.
>
>Hopefully I'm missing some obvious way to do it!
>
>Thanks for any assistance!
>
>_______________________________________________
>libvirt-users mailing list
>libvirt-users at redhat.com
>https://www.redhat.com/mailman/listinfo/libvirt-users
More information about the libvirt-users
mailing list