From Fedora Project Wiki

VirtuAuthorization

Summary

Configuration of fine grained authorization for remote virtual machine management services.

Owner

Current status

  • Targeted release: 13
  • Last updated: 2009-07-15
  • Percentage of completion: 0%

Detailed Description

Previous Fedora releases have added encryption and authentication support to the libvirt daemon/client and VNC server/client asssociated with Xen and KVM. Any user who authenticates successfully will have access to all the capabilities. This feature is intended to allow configuration of authorization information, to allow users to be restricted in what capabilities they can use.

Benefit to Fedora

More flexible deployment of virtual machine services and the ability to delegate administrative tasks to users without giving full access to management capabilities.

Scope

This work will mostly take place in libvirt.

The libvirtd daemon already has simple whitelists for authorizing users of the libvirt RPC service. It is an all or nothing capability though. In addition it needs to be possible to authorization individual users to use individual VNC servers.

How To Test

TBD

User Experience

TDB

Dependencies

The impact should be contained to the libvirt package

Contingency Plan

Maintain current level of functionality. No backup plan required

Documentation

TBD

Release Notes

TBD

Comments and Discussion