[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt-users] Access to virtualization on a multi-user system



The big question i have here is, why do the users have access to the
system with the hypervisor, why not only to the VMS.

Use something like ovirt or proxmox and you do not have that problem
anymore

On 22/06/15 08:20, "libvirt-users-bounces redhat com on behalf of
sbaugh catern com" <libvirt-users-bounces redhat com on behalf of
sbaugh catern com> wrote:

>
>Hi libvirt-users,
>
>I find myself wanting to do something that seems like it must have some
>obvious solution: I have multiple users (let's just assume local Unix
>accounts) on a Linux system, and I want them all to have access to
>KVM-accelerated virtualization. But, I don't want them to be able to
>meddle with each other's virtual machines. Is there a solution to this
>problem?
>
>Methods of attack that have occured to me:
>
>- Use PolicyKit to only allow a user to access qemu:///system VMs that
>  are somehow marked as owned by that user
>- Run multiple libvirt qemu:///system daemons and restrict access to
>  each on a per-user basis
>- Allow qemu:///session VMs to actually be KVM-accelerated (this seems
>  like the best way to do it, but I have no idea if that's even
>  possible)
>
>Again, the third seems like the best way, but I'm not sure of how to
>allow such VMs to be KVM-accelerated, and not sure if it's possible for
>them to use anything other than usermode networking.
>
>Hopefully I'm missing some obvious way to do it!
>
>Thanks for any assistance!
>
>_______________________________________________
>libvirt-users mailing list
>libvirt-users redhat com
>https://www.redhat.com/mailman/listinfo/libvirt-users



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]