similar to: Libvirt access control drivers

I read this page https://libvirt.org/aclpolkit.html And it is written :"At this point in time, the only attribute provided by libvirt to identify the user invoking the operation is the PID of the client program. This means that the polkit access control driver is only useful if connections to libvirt are restricted to its UNIX domain socket." 2018-05-09 11:00 GMT+03:00 Daniel P.

Here https://libvirt.org/acl.html is stated that you designed this access control system as pluggable. Are there any options ( even with modifying libvirt code) to plug in any custom driver? I just need to take a try and design something that will support remote access control. I am not sure if sVirt is the right thing I should look at. 2018-05-09 11:27 GMT+03:00 Daniel P. Berrangé

On Wed, May 09, 2018 at 10:00:19AM +0100, Daniel P. Berrangé wrote: > On Wed, May 09, 2018 at 11:50:33AM +0300, Anastasiya Ruzhanskaya wrote: > > Here https://libvirt.org/acl.html is stated that you designed this access > > control system as pluggable. Are there any options ( even with modifying > > libvirt code) to plug in any custom driver? > > I just need to take a

Ok, excuse me for misunderstanding, how it is possible then to set up access control when I use remote connection to KVM ( not in UNIX domain)? Is there any way within libvirt, maybe based on authentication or certificates? 2018-05-09 11:14 GMT+03:00 Daniel P. Berrangé <berrange@redhat.com>: > On Wed, May 09, 2018 at 11:13:01AM +0300, Anastasiya Ruzhanskaya wrote: > > I read this

Excuse me for renewing this discussion, but I am curious if you would add new module, which will be able to process users not based on unix processes, from where do you plan to get usernames? I mean, virt-manager could give them, as there is authentication in GUI, but for example when using oVirt, none of the usernames reach libvirt through the communication between server and nodes. 2018-05-09

Hello! Does libvirt uses certificate pinning in tls? I want to setup a transparent proxy (mitmproxy) and can't do this even after I added mitmproxy ca certificate to the trusted certificates in ubuntu.

I actually didn't quite catch,why oVirt can't just pass user information and you could check against it? This may require to create some configuration files for libvirt about end users. What is a advantage of authenticating oVirt, and then impersonation for end user? 2018-05-11 16:37 GMT+03:00 Daniel P. Berrangé <berrange@redhat.com>: > On Fri, May 11, 2018 at 04:26:36PM +0300,

I am primarily interested in phi nodes and their induction variables, in ValueTracking file there is an analysis of them, but if the upper bound is inf, it is not working? 2017-08-07 11:41 GMT+02:00 Anastasiya Ruzhanskaya < anastasiya.ruzhanskaya at frtk.ru>: > So, it is not supported to determine by this instruction : %cmp = icmp slt > i32 %i.03, 99, > that %i.03 = phi i32 [ 0,

Hi, I wanted just to ask an additional question to that: how then here in the polkit documentation you distinguish users?: Consider a local user berrange who has been granted permission to connect > to libvirt in full read-write mode. > 2018-04-12 11:01 GMT+03:00 Erik Skultety <eskultet@redhat.com>: > On Thu, Mar 22, 2018 at 08:17:15PM +0300, Anastasiya Ruzhanskaya wrote: >

It seems, that I have turned off all encryption for tcp in libvirt.conf, but still rpc packets are not showed, only tcp. I suppose, that I don't need to add additional plugins to wirehark for libvirt and rpc, am I right? 2017-04-21 11:23 GMT+03:00 Daniel P. Berrange <berrange@redhat.com>: > On Fri, Apr 21, 2017 at 10:16:47AM +0300, Anastasiya Ruzhanskaya wrote: > > Hello, >

And how libvirt checks that it trusts the CA? Just simply inspects the cacert.pem file? Or it has some information inside about by which CA were signed client and server certificates and then compares against stored values? I mean can I just concatenate after signing or I need to combine two CAs before generating libvirt's client and server certificates? пн, 10 дек. 2018 г. в 13:11, Daniel P.

No. It would be helpful to understand what you are trying to accomplish overall, which may help people give you details about the best way to accomplish it. For example, if you are trying to understand or recover array indexes from GEP's, that is non-trivial. On Sat, Sep 2, 2017 at 3:53 AM, Anastasiya Ruzhanskaya via llvm-dev < llvm-dev at lists.llvm.org> wrote: > Is there a way

Hello, I have some questions about libvirt remote connection. Am I right that internally libvirt uses only tcp ( ssh and tls are only encryption based on this) + ftp ( when working with image itself)? Also I have found that it uses RPC. However, as I know RPC runs above tcp but I cannot capture these packets with wireshark when I am connecting remotely to the host with vm? Is it somehow possible

I see. I also know OpenStack uses libvirt, nova-compute has a driver for communication. I have briefly looked through these 10 thousand lines of code in overall on github for openstack's libvirt driver and didn't notice any user info as well. To make the picture full don't you know is there the same scheme there: some high level openstack api with user information and passing only

On Mon, Aug 7, 2017 at 2:14 AM, Anastasiya Ruzhanskaya via llvm-dev <llvm-dev at lists.llvm.org> wrote: > I am trying to print it like this (maybe here is smth wrong?) > > > LazyValueInfo &LV = getAnalysis<LazyValueInfoWrapperPass>().getLVI(); > DominatorTree &DT = > getAnalysis<DominatorTreeWrapperPass>().getDomTree(); > LV.printLVI(F,

Hello, I am trying to figure out, what vrp propagation does in llvm. I tried this program: #include <stdio.h> int main() { int s = 0; int j = 0; for (int i = 0; i < 100; i++) { j = j+i+1; s+=j; } return (s+j); } And got this under optimized version ( I don't want everything to be eliminated) define i32 @main()

Hello everyone, I have a question about logging. I need to find out whether it is possible to see user id/session id inside logs or somewhere else. It is not passed in structured across the network, so where should I look to find out, which user (which session) is currently performing the actions?

Hello, I need to perform the analysis of loop induction variables. However, as I understood, directly it is possible to extract only a canonical induction variable which is only one. If I have multiple induction variables with the step not one, are there any methods to extract their phi node? int a[10]; int b[10]; for (int i = 0, j = 1; i < 10, j < 10; i++, j+=2) {

As a Systems Administrator, I would like to grant permissions to a certain VM using unix groups. In this example there is a hypervisor with VMs A,B,C,D and there is a group called fortadmins. The solution I am searching forI would just allow fortadmins to use libvirt/virsh commands on VM D. Does libvirt/virsh provide any way to easily accomplish this goal? Regards, Jamie Ian Fargen

Ok, thank you. I will play around with it. I also noticed, that libvirt does not use this SNI extension. Actually,this not needed here, as we have only one location for server certificate, but this requires some modifications in mitmproxy, as for example tls in web browsers always include this SNI extensions. Are there maybe other big differences in tls implementation in libvirt or maybe some