libvirt users - Jun 2012 - Fine grained authorisation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi List,

I am trying to provide a solution using KVM on RHEL for a number of
technical staff sharing server resources. We would like to be able to
"restrict" a number of guests from certain users to follow the
principle of least privilege.

So in short, is there a way of defining access to individual guests
via libvirt / polkit or is read only / read write the best we can
expect for the foreseeable future?

Cheers,

Sam
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)

iF4EAREIAAYFAk/QWhsACgkQFdt86iEfl/cYagD9FGktnsqyGkfzXWkUyFtJmQc2
VX6ZG2iXmKD75R7c6IgA/j5WvnsXdBA6jPO9/WnX83CmmorPc9oRN6lpYTxXgkON
=38VZ
-----END PGP SIGNATURE-----

On 07.06.2012 09:37, Sam Wilson wrote:
> Hi List,
> 
> I am trying to provide a solution using KVM on RHEL for a number of
> technical staff sharing server resources. We would like to be able to
> "restrict" a number of guests from certain users to follow the
> principle of least privilege.
> 
> So in short, is there a way of defining access to individual guests
> via libvirt / polkit or is read only / read write the best we can
> expect for the foreseeable future?
For now, the only users separation available is RO/RW access.
However, we are working on more complex RBAC. There have been posted
several patches as proof-of-concept:

   http://www.redhat.com/archives/libvir-list/2012-January/msg00907.html

Michal