ACLs in Virsh

Solution In Progress - Updated -

Environment

  • Red Hat Enterprise Linux ( RHEL ) 6.x

Issue

  • Add a possiblilty to virsh to add unix users or unix groups to some predefined or configurable roles.
  • If a User is added to a role, the user should be able to run the commands that are associated with the role. The virsh policy list command should show all roles a user is aligned to or (if no user is given) an alignment of all users/groups to the roles.

Resolution

  • Customers are recommended to switch to 7.1, which already supports ACLs.

Root Cause

  • Libvirt in RHEL-6 does not even support ACLs so requesting an easy way of modifying the ACLs does not make a lot of sense. We would first need to bring ACLs to RHEL-6, which would require libvirt to be rebased and doing so does not come without risks.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.