Displaying 6 results from an estimated 6 matches for "aclpolkit".
2018 May 09
2
Re: Libvirt access control drivers
I read this page https://libvirt.org/aclpolkit.html
And it is written :"At this point in time, the only attribute provided by
libvirt to identify the user invoking the operation is the PID of the
client program. This means that the polkit access control driver is only
useful if connections to libvirt are restricted to its UNIX domain socke...
2015 Oct 19
2
selective virsh host permissions
As a Systems Administrator, I would like to grant permissions to a certain
VM using unix groups. In this example there is a hypervisor with VMs
A,B,C,D and there is a group called fortadmins. The solution I am searching
forI would just allow fortadmins to use libvirt/virsh commands on VM D.
Does libvirt/virsh provide any way to easily accomplish this goal?
Regards,
Jamie Ian Fargen
2018 May 09
0
Re: Libvirt access control drivers
On Wed, May 09, 2018 at 11:13:01AM +0300, Anastasiya Ruzhanskaya wrote:
> I read this page https://libvirt.org/aclpolkit.html
> And it is written :"At this point in time, the only attribute provided by
> libvirt to identify the user invoking the operation is the PID of the
> client program. This means that the polkit access control driver is only
> useful if connections to libvirt are restricted to i...
2014 Dec 27
1
Console access for a user.
Hi,
I would like to allow a user (non-root) to access the console of his VM
(he's got root access on it).
Using sudo doesn't seem to work:
/bin/virsh console vm
error: failed to get domain 'vm'
error: Domain not found: no domain with matching name 'vm'
If I assign suid to virsh, I get: 'error: Failed to initialize libvirt'
I don't see any information on
2018 May 09
2
Libvirt access control drivers
Hello!
According to the documentation access control drivers are not in really
"good condition". There is a polkit, but it can distinguish users only
according the pid. However, I have met some articles about more
fine-grained control and about selinux drivers for libvirt? So, what is the
status now? Should I implement something by myself if I want access based
on login, are their
2018 May 09
3
Re: Libvirt access control drivers
...t in UNIX domain)?
Is there any way within libvirt, maybe based on authentication or
certificates?
2018-05-09 11:14 GMT+03:00 Daniel P. Berrangé <berrange@redhat.com>:
> On Wed, May 09, 2018 at 11:13:01AM +0300, Anastasiya Ruzhanskaya wrote:
> > I read this page https://libvirt.org/aclpolkit.html
> > And it is written :"At this point in time, the only attribute provided by
> > libvirt to identify the user invoking the operation is the PID of the
> > client program. This means that the polkit access control driver is only
> > useful if connections to libvirt...