The big question i have here is, why do the users have access to the system with the hypervisor, why not only to the VMS. Use something like ovirt or proxmox and you do not have that problem anymore On 22/06/15 08:20, "libvirt-users-bounces@xxxxxxxxxx on behalf of sbaugh@xxxxxxxxxx" <libvirt-users-bounces@xxxxxxxxxx on behalf of sbaugh@xxxxxxxxxx> wrote: > >Hi libvirt-users, > >I find myself wanting to do something that seems like it must have some >obvious solution: I have multiple users (let's just assume local Unix >accounts) on a Linux system, and I want them all to have access to >KVM-accelerated virtualization. But, I don't want them to be able to >meddle with each other's virtual machines. Is there a solution to this >problem? > >Methods of attack that have occured to me: > >- Use PolicyKit to only allow a user to access qemu:///system VMs that > are somehow marked as owned by that user >- Run multiple libvirt qemu:///system daemons and restrict access to > each on a per-user basis >- Allow qemu:///session VMs to actually be KVM-accelerated (this seems > like the best way to do it, but I have no idea if that's even > possible) > >Again, the third seems like the best way, but I'm not sure of how to >allow such VMs to be KVM-accelerated, and not sure if it's possible for >them to use anything other than usermode networking. > >Hopefully I'm missing some obvious way to do it! > >Thanks for any assistance! > >_______________________________________________ >libvirt-users mailing list >libvirt-users@xxxxxxxxxx >https://www.redhat.com/mailman/listinfo/libvirt-users _______________________________________________ libvirt-users mailing list libvirt-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvirt-users
