On Fri, Feb 19, 2010 at 07:32:52PM +0100, Emre Erenoglu wrote:
> On Thu, Feb 18, 2010 at 3:36 PM, Cole Robinson <[email protected]> wrote:
>
> > On 02/17/2010 05:55 PM, Dennis J. wrote:
> > > Hi,
> > > Is it possible to provide access to individual VMs using virsh or
> > > virt-manager? What I'm specifically trying to do is to give users the
> > > ability to shutdown/destroy/start their own virtual machines in case the VM
> > > hangs. Is this possible?
> > >
> >
> > Not at this time, the required support is missing at the libvirt level,
> > it's really all or nothing
> >
> > Having users use the qemu:///session libvirt connection, they can each
> > have their own VMs run as their own user, stored in their homedir,
> > but there are technical limitations: no use of bridged networking, VMs
> > can't be autostarted, among others.
> >
>
> So in this case, do I understand right that if someone would write another
> layer of authentication system that would "do stuff as root" on behalf of
> that authenticated user but to the limit of his permissions (i.e. reaching a
> specific VM), that would do it.

You'd have to wrap all the libvirt tools / APIs if you did it as
another layer.

What we'd like to see long term is for libvirt to get direct support
for role based access control / fine-grained authorization. This would
let admins directly delegate access to VMs to users, allowing them to
use all the normal libvirt tools. This is quite a large amount of work,
so it's not going to arrive soon.

Daniel
-- 
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

_______________________________________________
virt-tools-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/virt-tools-list
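
A sketch of the "another layer" wrapper discussed in this thread, added here as an example; it is not code from any poster or from libvirt. It assumes the script is installed root-owned and run through sudo, and the ACL contents, user names, domain names and the build_command helper are all hypothetical.

```python
#!/usr/bin/env python3
"""Per-user virsh gate, meant to be invoked through sudo (hypothetical helper)."""
import os
import re
import subprocess
import sys

# Constructed sample ACL (assumption): user -> domains that user may control.
ACL = {
    "alice": {"alice-web", "alice-db"},
    "bob": {"bob-build"},
}
# Only the lifecycle verbs asked for in the thread; everything else is refused.
ALLOWED_ACTIONS = ("start", "shutdown", "destroy")
# Conservative name pattern: no leading "-", so "--all" style options are rejected.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")


def build_command(user, action, domain, acl=ACL):
    """Return the virsh argv if user may run action on domain, else None."""
    if action not in ALLOWED_ACTIONS:
        return None
    if not isinstance(domain, str) or not NAME_RE.fullmatch(domain):
        return None
    if domain not in acl.get(user, set()):
        return None
    return ["virsh", "-c", "qemu:///system", action, domain]


def main(argv):
    # sudo sets SUDO_USER to the invoking account; a name passed on the
    # command line would be attacker-controlled, so it is never accepted.
    user = os.environ.get("SUDO_USER", "")
    if len(argv) != 3:
        print("usage: vmctl {start|shutdown|destroy} DOMAIN", file=sys.stderr)
        return 2
    cmd = build_command(user, argv[1], argv[2])
    if cmd is None:
        print("denied", file=sys.stderr)
        return 1
    # argv list, no shell: the domain name is never parsed by a shell.
    return subprocess.run(cmd, check=False).returncode


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

As the reply above notes, this only covers what is wrapped: virt-manager and direct libvirt API clients still see the all-or-nothing qemu:///system connection.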
