On 07.06.2012 09:37, Sam Wilson wrote:> Hi List,
>
> I am trying to provide a solution using KVM on RHEL for a number of
> technical staff sharing server resources. We would like to be able to
> "restrict" a number of guests from certain users to follow the
> principle of least privilege.
>
> So in short, is there a way of defining access to individual guests
> via libvirt / polkit or is read only / read write the best we can
> expect for the foreseeable future?
For now, the only users separation available is RO/RW access.
However, we are working on more complex RBAC. There have been posted
several patches as proof-of-concept:
http://www.redhat.com/archives/libvir-list/2012-January/msg00907.html
Michal