On Mon, 2011-06-06 at 15:41 +0100, Daniel P. Berrange wrote: > What follows is a document outlining some thoughts I've been having > on extending sVirt to allow confinement of applications which talk > to libvirtd on the host, primarily focusing on use of SELinux, but > also allowing a simple non-SElinux RBAC mechanism. Are we reinventing a lot of PolicyKit? I don't think policykit does a good job of using SELinux but it does attempt to solve most of the same problem you are attempting to solve here. I just want to make sure it was looked at, even if I like the approach you are taking here more... -Eric -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list