Re: Libvirt access control drivers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello!
Excuse me for renewing this discussion.
You mentioned that you can't send identity information over the remote channel in libvirt.
In virt-manager, which directly uses libvirt remote functionality, there are such fields (attached, "username").
What they are used for? Are they used somehow in the sent packets?



ср, 9 мая 2018 г. в 11:27, Daniel P. Berrangé <berrange@xxxxxxxxxx>:
On Wed, May 09, 2018 at 11:21:22AM +0300, Anastasiya Ruzhanskaya wrote:
> Ok, excuse me for misunderstanding, how it is possible then to set up
> access control when I use remote connection to KVM ( not in UNIX domain)?
> Is there any way within libvirt, maybe based on authentication or
> certificates?

Unfortunately we don't have a solution for fine grained access control
when using remote TCP access. We had a feature request against polkit
to allow passing it identity information such as certificate distinguished
name, but that was rejected :-(

Regards,
Daniel
--
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Attachment: ff.png
Description: PNG image

_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users

[Index of Archives]     [Virt Tools]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux