From Fedora Project Wiki
(Change Proposal ready for 2013-07-24 FESCo meeting (#1140))
(Replace content with link to test case)
 
(6 intermediate revisions by 3 users not shown)
Line 31: Line 31:
CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development
CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development
-->
-->
* Tracker bug: <will be assigned by the Wrangler>
* Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=998507 #998507]


== Detailed Description ==
== Detailed Description ==
Line 42: Line 42:


* Proposal owners:
* Proposal owners:
# 90% of the work is already in rawhide
# 100% of the work is already in rawhide
# Documentation needs to be written
# Documentation is written


* Other developers: N/A (not a System Wide Change)
* Other developers: N/A (not a System Wide Change)
Line 53: Line 53:


== How To Test ==
== How To Test ==
<!-- N/A (not a System Wide Change) -->
 
TBD when work is testable.
See the test case at: https://fedoraproject.org/wiki/QA:Testcase_Virt_ACLs


== User Experience ==
== User Experience ==
Line 70: Line 70:
<!-- N/A (not a System Wide Change)  -->
<!-- N/A (not a System Wide Change)  -->
* https://www.redhat.com/archives/libvir-list/2013-May/msg00699.html
* https://www.redhat.com/archives/libvir-list/2013-May/msg00699.html
* XXX: libvirt docs forthcoming
* General docs on access control system http://libvirt.org/acl.html
* XXX: should blog about this when ready
* Polkit driver usage / config http://libvirt.org/aclpolkit.html
* https://fedoraproject.org/wiki/QA:Testcase_Virt_ACLs


== Release Notes ==
== Release Notes ==
Line 77: Line 78:




[[Category:ChangeReadyForFesco]]
[[Category:ChangeAcceptedF20]]
<!-- When your change proposal page is completed and ready for review and announcement -->
<!-- When your change proposal page is completed and ready for review and announcement -->
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->

Latest revision as of 18:16, 4 October 2013

Role based access control with libvirt

Summary

Allow role based access control with libvirt.

Owner

Current status

Detailed Description

Libvirt role based access control will allow fine grained access control like 'user FOO can only start/stop/pause vm BAR', but for all libvirt APIs and objects.

Benefit to Fedora

  • Nice, new, oft requested feature is finally available that we can advertise for Fedora 20.

Scope

  • Proposal owners:
  1. 100% of the work is already in rawhide
  2. Documentation is written
  • Other developers: N/A (not a System Wide Change)
  • Release engineering: N/A (not a System Wide Change)
  • Policies and guidelines: N/A (not a System Wide Change)

Upgrade/compatibility impact

N/A (not a System Wide Change)

How To Test

See the test case at: https://fedoraproject.org/wiki/QA:Testcase_Virt_ACLs

User Experience

N/A (not a System Wide Change)

Dependencies

N/A (not a System Wide Change)

Contingency Plan

  • Contingency mechanism: N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change)

Documentation

Release Notes

Libvirt now supports role based access control, which allows setting rules such as 'user FOO can only start/stop/pause vm BAR'.