On Tue, Sep 24, 2013 at 09:04:00AM +0000, Исаев Виталий Анатольевич wrote: > Dear developers! > > We are working on the project based on Red Hat Enterprise Virtualisation and > Red Hat Identity Management. RHEV environment will be deployed in protected > internal enterprise network. Now we are developing special admin tools in > order to extend functionality of RHEL IdM and we faced with a rather > difficult problem... The system should meet the increased demands of > informational security, so what we are trying to implement is: > > > 1. Intercept the event of user's VM start on the RHEL Hypervisor; > > 2. Suspend the VM; > > 3. Mount VM's disk to Hypervisor (or some other VM, for instance, > admin's VM);
If you care about security, *never* mounted guest filesystems on the host OS, or any other important VM. You want to use a throwaway VM, or better yet, use libguestfs http://libguestfs.org/guestfs.3.html#security-of-mounting-filesystems > > 4. Check the integrity of the VM's system files (count md5sum etc.) > > 5. Unmount disk; > > 6. If verification is passed, start the VM, else - power off and > disable VM till the decision of administrator. > > Is there any opportunity to implement this within the libvirt API? Libvirt has hooks that are run prior to starting a VM http://libvirt.org/hooks.html but you must not make any calls to libvirt from a hook, and hooks should be very short scripts/fast to execute, since they are synchronous with libvirt execution. IMHO the scenario you describe is probably better implmeneted at the RHEV level of the stack Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list