libvirt users - Jan 2014 - Ownerships of VMs and Image files

Hello,

I installed libvirt and qemu/kvm on a machine. I testet a little with
those and found out that all users having an account on that machine can
start  every VM of every other user on the machine, in some conditions
even directly access the image file on the real host. What I would like to
have is that every user can only access the VMs and image files he or she
created himself/herself, as long as he/she does not explicitly set other
permissions. Is it possible to achieve that?

Regards
  Christoph

On 01/07/2014 07:30 AM, Christoph Pleger wrote:
> Hello,
> 
> I installed libvirt and qemu/kvm on a machine. I testet a little with
> those and found out that all users having an account on that machine can
> start  every VM of every other user on the machine, in some conditions
> even directly access the image file on the real host. What I would like to
> have is that every user can only access the VMs and image files he or she
> created himself/herself, as long as he/she does not explicitly set other
> permissions. Is it possible to achieve that?
Sounds like a job for ACL (access control list):

http://libvirt.org/acl.html

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 604 bytes
Desc: OpenPGP digital signature
URL:
<http://listman.redhat.com/archives/libvirt-users/attachments/20140107/28a9b424/attachment.sig>