Hi, I'm trying to set up a virtual machine server for our newly re-founded LUG at my school. The idea is for members to have their own virtual machine that they can learn their way around a Linux system without worry of them hosing the host system or their own computers. At home I use libvirt with my server to manage multiple virtual machines, but the issue I'm running into for this use case is user permissions. As far as I've seen, anyone who has access to the server over ssh and has access to the libvirt server via virt-manager has access to all of the virtual machines. I'd like to find some way for each user to only see their own virtual machine. Is this possible? I've considered setting up VMs myself, and giving them direct access via ssh or VNC, but I'd like them to have access to the console so that they can attach things like CD images to their VMs for reinstalling or changing distros. Is there a way to get libvirt to do what I need here? Thanks much, Zach Tibbitts -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20100920/9bce7a4f/attachment.htm>
On 09/21/2010 01:58 PM, Zach Tibbitts wrote: <snip>> At home I use libvirt with my server to manage multiple virtual machines, > but the issue I'm running into for this use case is user permissions. As far > as I've seen, anyone who has access to the server over ssh and has access to > the libvirt server via virt-manager has access to all of the virtual > machines. I'd like to find some way for each user to only see their own > virtual machine. Is this possible?Hi Zach, As a general direction thought, it kind of sounds like you should look into using "sessions" for this. Instead of connecting to the "system wide" version of things, like you're doing at home. There's some info on it here: http://libvirt.org/uri.html#URI_qemu But, other pages (and Google) might be more helpful there. It's not an area I've personally looked at (yet), but it sounds like it might be what you're after. Does that help? :) Regards and best wishes, Justin Clift