[libvirt-users] Libvirt access control drivers

Anastasiya Ruzhanskaya anastasiya.ruzhanskaya at frtk.ru
Wed May 9 08:21:22 UTC 2018


Ok, excuse me for misunderstanding, how it is possible then to set up
access control when I use remote connection to KVM ( not in UNIX domain)?
Is there any way within libvirt, maybe based on authentication or
certificates?

2018-05-09 11:14 GMT+03:00 Daniel P. Berrangé <berrange at redhat.com>:

> On Wed, May 09, 2018 at 11:13:01AM +0300, Anastasiya Ruzhanskaya wrote:
> > I read this page https://libvirt.org/aclpolkit.html
> > And it is written :"At this point in time, the only attribute provided by
> > libvirt to identify the user invoking the operation is the PID of the
> > client program. This means that the polkit access control driver is only
> > useful if connections to libvirt are restricted to its UNIX domain
> socket."
>
> You're mis-interpreted what that means. Libvirt provides the PID to polkit
> (well actually pid + starttime), polkit uses this to identify the process
> and determine its username and group membership, which is then used to
> make access control decisions.
>
> Regards,
> Daniel
> --
> |: https://berrange.com      -o-    https://www.flickr.com/photos/
> dberrange :|
> |: https://libvirt.org         -o-
> https://fstop138.berrange.com :|
> |: https://entangle-photo.org    -o-    https://www.instagram.com/
> dberrange :|
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20180509/b7c172f2/attachment.htm>


More information about the libvirt-users mailing list