Changes/Virt ACLs

From FedoraProject

< Changes(Difference between revisions)
Jump to: navigation, search
(Change accepted en block on Jul 24 FESCo meeting (#1140))
(Documentation)
Line 70: Line 70:
 
<!-- N/A (not a System Wide Change)  -->
 
<!-- N/A (not a System Wide Change)  -->
 
* https://www.redhat.com/archives/libvir-list/2013-May/msg00699.html
 
* https://www.redhat.com/archives/libvir-list/2013-May/msg00699.html
* XXX: libvirt docs forthcoming
+
* General docs on access control system http://libvirt.org/acl.html
 +
* Polkit driver usage / config http://libvirt.org/aclpolkit.html
 
* XXX: should blog about this when ready
 
* XXX: should blog about this when ready
  

Revision as of 18:50, 9 August 2013

Contents

Role based access control with libvirt

Summary

Allow role based access control with libvirt.

Owner

Current status

  • Targeted release: Fedora 20
  • Last updated: 2013-06-11
  • Tracker bug: <will be assigned by the Wrangler>

Detailed Description

Libvirt role based access control will allow fine grained access control like 'user FOO can only start/stop/pause vm BAR', but for all libvirt APIs and objects.

Benefit to Fedora

  • Nice, new, oft requested feature is finally available that we can advertise for Fedora 20.

Scope

  • Proposal owners:
  1. 90% of the work is already in rawhide
  2. Documentation needs to be written
  • Other developers: N/A (not a System Wide Change)
  • Release engineering: N/A (not a System Wide Change)
  • Policies and guidelines: N/A (not a System Wide Change)

Upgrade/compatibility impact

N/A (not a System Wide Change)

How To Test

TBD when work is testable.

User Experience

N/A (not a System Wide Change)

Dependencies

N/A (not a System Wide Change)

Contingency Plan

  • Contingency mechanism: N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change)

Documentation

Release Notes

Libvirt now supports role based access control, which allows setting rules such as 'user FOO can only start/stop/pause vm BAR'.