search for: aclpolkit

I read this page https://libvirt.org/aclpolkit.html And it is written :"At this point in time, the only attribute provided by libvirt to identify the user invoking the operation is the PID of the client program. This means that the polkit access control driver is only useful if connections to libvirt are restricted to its UNIX domain socke...

As a Systems Administrator, I would like to grant permissions to a certain VM using unix groups. In this example there is a hypervisor with VMs A,B,C,D and there is a group called fortadmins. The solution I am searching forI would just allow fortadmins to use libvirt/virsh commands on VM D. Does libvirt/virsh provide any way to easily accomplish this goal? Regards, Jamie Ian Fargen

On Wed, May 09, 2018 at 11:13:01AM +0300, Anastasiya Ruzhanskaya wrote: > I read this page https://libvirt.org/aclpolkit.html > And it is written :"At this point in time, the only attribute provided by > libvirt to identify the user invoking the operation is the PID of the > client program. This means that the polkit access control driver is only > useful if connections to libvirt are restricted to i...

Hi, I would like to allow a user (non-root) to access the console of his VM (he's got root access on it). Using sudo doesn't seem to work: /bin/virsh console vm error: failed to get domain 'vm' error: Domain not found: no domain with matching name 'vm' If I assign suid to virsh, I get: 'error: Failed to initialize libvirt' I don't see any information on

Hello! According to the documentation access control drivers are not in really "good condition". There is a polkit, but it can distinguish users only according the pid. However, I have met some articles about more fine-grained control and about selinux drivers for libvirt? So, what is the status now? Should I implement something by myself if I want access based on login, are their

...t in UNIX domain)? Is there any way within libvirt, maybe based on authentication or certificates? 2018-05-09 11:14 GMT+03:00 Daniel P. Berrangé <berrange@redhat.com>: > On Wed, May 09, 2018 at 11:13:01AM +0300, Anastasiya Ruzhanskaya wrote: > > I read this page https://libvirt.org/aclpolkit.html > > And it is written :"At this point in time, the only attribute provided by > > libvirt to identify the user invoking the operation is the PID of the > > client program. This means that the polkit access control driver is only > > useful if connections to libvirt...