Daniel summarized my approach nicely. Basically I'm looking at enabling multi-tenancy administration where several admins can exist but they can only see and/or manipulate resources (VMs, storage, networks) assigned to them. By making use of a generic AC-module approach where actions get passed through, arbitrarily complex access control can be enforced, since the AC-module could implement/interface different schemes of granting/denying access depending on which enforcing policy is to be used. One could for example use SELinux as a scheme to enable RBAC and/or tie it together with policies for sVirt.
An initial implementation step would be realizing the AC-module foundation and starting with moving out the RW/RO enforcement (currently residing within libvirt.c) as the first basic enforcement scheme.

Freundliche Grüsse / Best regards

Konrad Eriksson
Research Software Engineer
Trusted Computing / Security & Assurance
Email: k...@zurich.ibm.com
Phone: +41 (0)44 724 84 28
IBM Zurich Research Laboratory
Saeumerstrasse 4
8803 Rueschlikon
Switzerland

From: "Daniel P. Berrange" <berra...@redhat.com>
To: Atsushi SAKAI <sak...@jp.fujitsu.com>
Cc: Konrad Eriksson1 <k...@zurich.ibm.com>, libvir-list@redhat.com
Date: 01/16/2009 10:57 AM
Subject: Re: [libvirt] Fine grained Access Control in libVirt

On Fri, Jan 16, 2009 at 12:16:10PM +0900, Atsushi SAKAI wrote:
> Hi, Dan
>
> Would you explain the difference with sVirt?
> The final goal of sVirt seems the same for me.
> (for example, define many security domains etc. in a .te file.)

At this stage sVirt is primarily about protecting guests from each other, and protecting the host from guests. Konrad's suggestions are about protecting guests/hosts from administrators, by providing more fine grained control over what libvirt APIs an admin can invoke & on what objects.

Both bits of work are required & are complementary to each other.

Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
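
The AC-module idea described in the message above, sketched as an added example (not part of the thread and not libvirt code): every action passes through one decision point that consults pluggable schemes, with the RW/RO check as the first scheme and a per-admin resource assignment check as the second. All names are hypothetical, and denying when no scheme is registered is an assumption of this sketch.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names throughout; none of this is libvirt API. */
enum ac_action { AC_READ, AC_WRITE };

struct ac_request {
    const char *admin;       /* authenticated caller */
    int conn_ro;             /* 1 if the connection was opened read-only */
    enum ac_action action;   /* what the caller wants to do */
    const char *owner;       /* admin the resource is assigned to */
};

/* An enforcement scheme returns 1 to allow and 0 to deny. */
typedef int (*ac_scheme_fn)(const struct ac_request *req);

/* Scheme 1: the RW/RO check, moved behind the module interface. */
int ac_scheme_rwro(const struct ac_request *req)
{
    return !(req->conn_ro && req->action == AC_WRITE);
}

/* Scheme 2: multi-tenancy, an admin only touches resources assigned to them. */
int ac_scheme_tenant(const struct ac_request *req)
{
    return req->admin && req->owner && strcmp(req->admin, req->owner) == 0;
}

#define AC_MAX_SCHEMES 4
static ac_scheme_fn ac_schemes[AC_MAX_SCHEMES];
static size_t ac_nschemes;

/* Plug a scheme into the module; returns 0 on success, -1 on error. */
int ac_register(ac_scheme_fn fn)
{
    if (!fn || ac_nschemes == AC_MAX_SCHEMES)
        return -1;
    ac_schemes[ac_nschemes++] = fn;
    return 0;
}

/* Single decision point: every registered scheme must allow the request.
 * With no scheme registered the request is denied (assumption: fail closed). */
int ac_check(const struct ac_request *req)
{
    size_t i;
    if (!req || ac_nschemes == 0)
        return 0;
    for (i = 0; i < ac_nschemes; i++)
        if (!ac_schemes[i](req))
            return 0;
    return 1;
}
```
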