libvirt ACLs

I was looking at /etc/libvirt/libvirtd.conf on a RHEL 7.0 machine (libvirt 1.1.1) and a RHEL 7.1 beta machine (libvirt 1.2.8), and I saw that there is an option to enable libvirt ACLs.

# Change the API access control scheme
#
# By default an authenticated user is allowed access
# to all APIs. Access drivers can place restrictions
# on this. By default the 'nop' driver is enabled,
# meaning no access control checks are done once a
# client has authenticated with libvirtd
#
#access_drivers = [ "polkit" ]

However, I cannot find any documentation on libvirt ACLs in the RHEL documentation. I can only find libvirt project documentation and some info from the Fedora project.
http://libvirt.org/aclpolkit.html
http://libvirt.org/acl.html
http://fedoraproject.org/wiki/Changes/Virt_ACLs
http://fedoraproject.org/wiki/QA:Testcase_Virt_ACLs

As a sysadmin who maintains only 1 RHEL KVM host at work (and therefore would not use full-blown RHEV), this sounds like a great feature. Has anyone used libvirt ACLs successfully?
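Added example, not part of the original post and not Red Hat's or the libvirt project's own code: a polkit rule of the kind the "polkit" access driver evaluates once access_drivers = [ "polkit" ] is uncommented, limiting one non-root account to start/stop of a single guest. The account name "operator1", the guest name "web01", and the small polkit stand-in and decide() harness (there only so the rule runs offline under Node.js) are assumptions; the action ids and the connect_driver/domain_name attributes are the ones described at http://libvirt.org/aclpolkit.html.

```javascript
// Stand-in for the object polkitd provides to rules files, so the rule can be
// exercised offline; omit it from a real file in /etc/polkit-1/rules.d/.
const polkit = { Result: { YES: "yes", NO: "no", NOT_HANDLED: "not-handled" } };

const ALLOWED_USER = "operator1";   // constructed account name (assumption)
const ALLOWED_DOMAIN = "web01";     // constructed guest name (assumption)

// Needed to open a connection and list guests.
const CONNECT_ACTIONS = ["org.libvirt.api.connect.getattr",
                         "org.libvirt.api.connect.search-domains"];
// Granted only on ALLOWED_DOMAIN.
const DOMAIN_ACTIONS = ["org.libvirt.api.domain.getattr",
                        "org.libvirt.api.domain.read",
                        "org.libvirt.api.domain.start",
                        "org.libvirt.api.domain.stop"];

// Rule body: on a real host, register it with polkit.addRule(libvirtAclRule).
function libvirtAclRule(action, subject) {
  if (action.id.indexOf("org.libvirt.api.") !== 0 ||
      subject.user !== ALLOWED_USER) {
    return polkit.Result.NOT_HANDLED;   // leave the decision to other rules
  }
  if (action.lookup("connect_driver") !== "QEMU") return polkit.Result.NO;
  if (CONNECT_ACTIONS.indexOf(action.id) !== -1) return polkit.Result.YES;
  if (DOMAIN_ACTIONS.indexOf(action.id) !== -1 &&
      action.lookup("domain_name") === ALLOWED_DOMAIN) {
    return polkit.Result.YES;
  }
  return polkit.Result.NO;              // default deny for this account
}

// Offline harness: builds the action/subject shapes the rule reads.
function decide(user, id, attrs) {
  const action = { id: id, lookup: function (key) { return attrs[key]; } };
  return libvirtAclRule(action, { user: user });
}

// Constructed sample checks.
const onWeb01 = { connect_driver: "QEMU", domain_name: "web01" };
const onDb01 = { connect_driver: "QEMU", domain_name: "db01" };
console.log(decide("operator1", "org.libvirt.api.domain.start", onWeb01));
console.log(decide("operator1", "org.libvirt.api.domain.start", onDb01));
console.log(decide("operator1", "org.libvirt.api.domain.delete", onWeb01));
```

The final return makes the rule default-deny for the named account, so any libvirt API permission not listed (delete, write, migrate and so on) is refused even on the permitted guest.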

Responses