Daniel summarized my approach nicely.
Basically I'm looking at enabling multi-tenancy administration where several admins can exist but they can only see and/or manipulate with resources (VMs, storage, networks) assigned to them.
By making use of a generic AC-module approach where actions gets passed through arbitrary complex access control can be enforced since the AC-module could implement/interface different schemes of granting/denying access depending on what enforcing policy wants to be used.
One could for example use SELinux as a scheme to enable RBAC and/or tie it together with policies for sVirt.
An initial implementation step would be realizing the AC-module foundation and starting with moving out the RW/RO enforcement (currently residing within libvirt.c) as first basic enforcement scheme.
Freundliche Grüsse / Best regards
Konrad
Eriksson Research Software Engineer Trusted Computing / Security & Assurance Email: kon@xxxxxxxxxxxxxx Phone: +41 (0)44 724 84 28 | IBM Zurich Research Laboratory Saeumerstrasse 4 8803 Rueschlikon Switzerland |
From: | "Daniel P. Berrange" <berrange@xxxxxxxxxx> |
To: | Atsushi SAKAI <sakaia@xxxxxxxxxxxxxx> |
Cc: | Konrad Eriksson1 <KON@xxxxxxxxxxxxxx>, libvir-list@xxxxxxxxxx |
Date: | 01/16/2009 10:57 AM |
Subject: | Re: [libvirt] Fine grained Access Control in libVirt |
On Fri, Jan 16, 2009 at 12:16:10PM +0900, Atsushi SAKAI wrote:
> Hi, Dan
>
> Would you explain the difference with sVirt?
> The final goal sVirt seems same form me.
> (for example, define many security domain etc in .te file.)
At this stage sVirt is primarily about protecting guests from
each other, and protecting the host from guests.
Konrad's suggestions are about protecting guests/hosts from
administrators, by providing more fine grained control over
what libvirt APIs an admin can invoke & on what objects.
Both bits of work are required & are complementary to each other
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list