Configuration of fine grained authorization for remote virtual machine management services.
- Name: Daniel Berrange
- email: firstname.lastname@example.org
- Targeted release: 12
- Last updated: (DATE)
- Percentage of completion: 0%
Previous Fedora releases have added encryption and authentication support to the libvirt daemon/client and VNC server/client asssociated with Xen and KVM. Any user who authenticates successfully will have access to all the capabilities. This feature is intended to allow configuration of authorization information, to allow users to be restricted in what capabilities they can use.
Benefit to Fedora
More flexible deployment of virtual machine services and the ability to delegate administrative tasks to users without giving full access to management capabilities.
This work will mostly take place in libvirt.
The libvirtd daemon already has simple whitelists for authorizing users of the libvirt RPC service. It is an all or nothing capability though. In addition it needs to be possible to authorization individual users to use individual VNC servers.
How To Test
The impact should be contained to the libvirt package
Maintain current level of functionality. No backup plan required