From Fedora Project Wiki
< Changes
Role based access control with libvirt
Summary
Allow role based access control with libvirt.
Owner
- Name: Daniel P. Berrange
- Email: berrange@redhat.com
- Name: Cole Robinson
- Email: crobinso@redhat.com
- Release notes owner:
Current status
Detailed Description
Libvirt role based access control will allow fine grained access control like 'user FOO can only start/stop/pause vm BAR', but for all libvirt APIs and objects.
Benefit to Fedora
- Nice, new, oft requested feature is finally available that we can advertise for Fedora 20.
Scope
- Proposal owners:
- 100% of the work is already in rawhide
- Documentation is written
- Other developers: N/A (not a System Wide Change)
- Release engineering: N/A (not a System Wide Change)
- Policies and guidelines: N/A (not a System Wide Change)
Upgrade/compatibility impact
N/A (not a System Wide Change)
How To Test
See the test case at: https://fedoraproject.org/wiki/QA:Testcase_Virt_ACLs
User Experience
N/A (not a System Wide Change)
Dependencies
N/A (not a System Wide Change)
Contingency Plan
- Contingency mechanism: N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? N/A (not a System Wide Change)
Documentation
- https://www.redhat.com/archives/libvir-list/2013-May/msg00699.html
- General docs on access control system http://libvirt.org/acl.html
- Polkit driver usage / config http://libvirt.org/aclpolkit.html
- https://fedoraproject.org/wiki/QA:Testcase_Virt_ACLs
Release Notes
Libvirt now supports role based access control, which allows setting rules such as 'user FOO can only start/stop/pause vm BAR'.