On Thu, Jan 15, 2009 at 02:39:20PM +0100, Konrad Eriksson1 wrote: > When looking at the libvirt core and driver framework it seems promising > to inject these kind of call-out hooks either in libvirt.c or between > libvirt.c and the underlying drivers, by doing this AC will be enforced > independent of if a local or remote call is done to libVirt. In libvirt.c is probably easier ... And abstract out the read-only checks at the same time. > Feel free to comment and to come with improvement ideas. All sounds good. There's a wiki page waiting to be filled in with the details here: http://wiki.libvirt.org/page/TodoFineGrainedSecurity Rich. -- Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones virt-p2v converts physical machines to virtual machines. Boot with a live CD or over the network (PXE) and turn machines into Xen guests. http://et.redhat.com/~rjones/virt-p2v -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list