Hi, Dan Thank you for commenting this. I am eased to hear this. I also agrees this issue has many task. p.s. I want to know the possibility of fine grained access control in libvirt, since our young guy is investigating the access control in Dom0-Xen. Thanks Atsushi SAKAI "Daniel P. Berrange" <berrange@xxxxxxxxxx> wrote: > On Fri, May 09, 2008 at 09:49:19AM +0900, Atsushi SAKAI wrote: > > I have a question of libvirt with Polkit. > > Currently, the libvirt w/ Polkit has 2 access control permissions. > > (Read Only and Read Write) > > > > Have you planned to expand the access control more finer? > > In my use case, Policy should define by domain, operation, operator. > > Of course, operator is already considered on current libvirt w/ Polkit. > > So at this point, it needs to add domain and operation policy. > > > > The use case is for many(about 100 or more) domain operation. > > > > I just want to know how to minimize granting access control permission > > of each user on libvirt in future. > > PolicyKit at this time is only used to authenticate local access from > applications running in the host's desktop session. While it allows > you to make up many fine grained permissions, it doesn't let you dynamicaly > associate the permissions with individual objects. eg there is a policykit > check to determine whether a user is allowed to mount removable disks - that > applies to all removal disks - you can say disk A, but not disk B. > > While we could add lots more privileges that just read-write and read-only > this would only get us part way to where we really need to be. The ideal > goal is that we can have fine grained privileges applied to individual > virtual machines, storage pools, networks, etc. The only framework that > really comes close to this level of flexibility is SELinux, so one of the > long term TODO items is to investigate whether we can integrate with SELinux > for fine grained access control. > > As an example DBus uses SELinux to control who can access services on the > system bus, and what actisons they can perform. Another example is SEPostgresql > which uses SELinux to control accesss to individual tuples & colums in the > database. So it is clearly able to provide the flexibility we need and scales > to huge performance critical applications such as databases. This doesn't > make it a quick or easy task to use in libvirt though. It'll involve alot > of thought, design & development. > > In the mean time, it is possible that PolicyKit might actually gain the > ability to apply authorizaation to individual objects, and also gain ability > to use SELinux as its underlying policy engine. So we have to watch what > happens there too. > > There's not really any firm timeline for any of this work, but its stuff > we definitely want to get into libvirt > > Dan. > -- > |: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/ :| > |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| > |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| > |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list