[libvirt-users] Access to virtualization on a multi-user system
sbaugh at catern.com
sbaugh at catern.com
Mon Jun 22 00:20:49 UTC 2015
Hi libvirt-users,
I find myself wanting to do something that seems like it must have some
obvious solution: I have multiple users (let's just assume local Unix
accounts) on a Linux system, and I want them all to have access to
KVM-accelerated virtualization. But, I don't want them to be able to
meddle with each other's virtual machines. Is there a solution to this
problem?
Methods of attack that have occured to me:
- Use PolicyKit to only allow a user to access qemu:///system VMs that
are somehow marked as owned by that user
- Run multiple libvirt qemu:///system daemons and restrict access to
each on a per-user basis
- Allow qemu:///session VMs to actually be KVM-accelerated (this seems
like the best way to do it, but I have no idea if that's even
possible)
Again, the third seems like the best way, but I'm not sure of how to
allow such VMs to be KVM-accelerated, and not sure if it's possible for
them to use anything other than usermode networking.
Hopefully I'm missing some obvious way to do it!
Thanks for any assistance!
More information about the libvirt-users
mailing list