Hi,
As the subject suggests, we are wondering whether there is any way to
restrict certain classes of users from performing any action other than
powering a VM up and down, and resetting it?
If this can't be done with KVM, does anybody have suggestions on how
this can be accomplished? The only way I can think of is with a setuid
binary that can only start VMs and send reset and shutdown commands to
its monitor socket. However, this does seem hackish and can be insecure
if it's not written perfectly.
Cheers,
Iordan
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
