Re: [libvirt-users] Libvirt access control drivers

2018-11-21 Thread Anastasiya Ruzhanskaya
Hello! Excuse me for renewing this discussion. You mentioned that you can't send identity information over the remote channel in libvirt. In virt-manager, which directly uses libvirt remote functionality, there are such fields (attached, "username"). What are they used for? Are they used somehow in

Re: [libvirt-users] Libvirt access control drivers

2018-05-30 Thread Erik Skultety
On Sun, May 27, 2018 at 08:03:28PM +0300, Anastasiya Ruzhanskaya wrote: > Hello! > I still want to clarify one question. Instead of making authentication of > oVirt and then impersonation of each user, oVirt can just pass user > information inside messages and libvirt at the end can read this user

Re: [libvirt-users] Libvirt access control drivers

2018-05-27 Thread Anastasiya Ruzhanskaya
Hello! I still want to clarify one question. Instead of making authentication of oVirt and then impersonation of each user, oVirt can just pass user information inside messages and libvirt at the end can read this user information inside rpc messages (perhaps user login could be written in one of s

Re: [libvirt-users] Libvirt access control drivers

2018-05-14 Thread Daniel P. Berrangé
On Sat, May 12, 2018 at 11:36:08AM +0300, Anastasiya Ruzhanskaya wrote: > I actually didn't quite catch, why oVirt can't just pass user information > and you could check against it? This may require to create some > configuration files for libvirt about end users. > What is an advantage of authentica

Re: [libvirt-users] Libvirt access control drivers

2018-05-12 Thread Anastasiya Ruzhanskaya
I actually didn't quite catch, why oVirt can't just pass user information and you could check against it? This may require to create some configuration files for libvirt about end users. What is an advantage of authenticating oVirt, and then impersonation for end user? 2018-05-11 16:37 GMT+03:00 Dan

Re: [libvirt-users] Libvirt access control drivers

2018-05-11 Thread Daniel P. Berrangé
On Fri, May 11, 2018 at 05:25:25PM +0300, Anastasiya Ruzhanskaya wrote: > I see. I also know OpenStack uses libvirt, nova-compute has a driver for > communication. > I have briefly looked through these 10 thousand lines of code in overall on > github for openstack's libvirt driver and didn't notice

Re: [libvirt-users] Libvirt access control drivers

2018-05-11 Thread Anastasiya Ruzhanskaya
I see. I also know OpenStack uses libvirt, nova-compute has a driver for communication. I have briefly looked through these 10 thousand lines of code in overall on github for openstack's libvirt driver and didn't notice any user info as well. To make the picture full don't you know is there the sam

Re: [libvirt-users] Libvirt access control drivers

2018-05-11 Thread Daniel P. Berrangé
On Fri, May 11, 2018 at 04:26:36PM +0300, Anastasiya Ruzhanskaya wrote: > Excuse me for renewing this discussion, but I am curious if you would add > new module, which will be able to process users not based on unix > processes, from where do you plan to get usernames? I mean, virt-manager > could

Re: [libvirt-users] Libvirt access control drivers

2018-05-11 Thread Anastasiya Ruzhanskaya
Excuse me for renewing this discussion, but I am curious if you would add new module, which will be able to process users not based on unix processes, from where do you plan to get usernames? I mean, virt-manager could give them, as there is authentication in GUI, but for example when using oVirt,

Re: [libvirt-users] Libvirt access control drivers

2018-05-09 Thread Anastasiya Ruzhanskaya
Great, thanks for pointing this out. I will certainly look at it. 2018-05-09 14:41 GMT+03:00 Daniel P. Berrangé: > On Wed, May 09, 2018 at 10:00:19AM +0100, Daniel P. Berrangé wrote: > > On Wed, May 09, 2018 at 11:50:33AM +0300, Anastasiya Ruzhanskaya wrote: > > > Here https://libvirt.org/acl.ht

Re: [libvirt-users] Libvirt access control drivers

2018-05-09 Thread Daniel P. Berrangé
On Wed, May 09, 2018 at 10:00:19AM +0100, Daniel P. Berrangé wrote: > On Wed, May 09, 2018 at 11:50:33AM +0300, Anastasiya Ruzhanskaya wrote: > > Here https://libvirt.org/acl.html is stated that you designed this access > > control system as pluggable. Are there any options (even with modifying >

Re: [libvirt-users] Libvirt access control drivers

2018-05-09 Thread Daniel P. Berrangé
On Wed, May 09, 2018 at 11:50:33AM +0300, Anastasiya Ruzhanskaya wrote: > Here https://libvirt.org/acl.html is stated that you designed this access > control system as pluggable. Are there any options (even with modifying > libvirt code) to plug in any custom driver? > I just need to take a try an

Re: [libvirt-users] Libvirt access control drivers

2018-05-09 Thread Anastasiya Ruzhanskaya
Here https://libvirt.org/acl.html is stated that you designed this access control system as pluggable. Are there any options (even with modifying libvirt code) to plug in any custom driver? I just need to take a try and design something that will support remote access control. I am not sure if sVi

Re: [libvirt-users] Libvirt access control drivers

2018-05-09 Thread Daniel P. Berrangé
On Wed, May 09, 2018 at 11:21:22AM +0300, Anastasiya Ruzhanskaya wrote: > Ok, excuse me for misunderstanding, how it is possible then to set up > access control when I use remote connection to KVM (not in UNIX domain)? > Is there any way within libvirt, maybe based on authentication or > certifica

Re: [libvirt-users] Libvirt access control drivers

2018-05-09 Thread Anastasiya Ruzhanskaya
Ok, excuse me for misunderstanding, how it is possible then to set up access control when I use remote connection to KVM (not in UNIX domain)? Is there any way within libvirt, maybe based on authentication or certificates? 2018-05-09 11:14 GMT+03:00 Daniel P. Berrangé: > On Wed, May 09, 2018 at

Re: [libvirt-users] Libvirt access control drivers

2018-05-09 Thread Daniel P. Berrangé
On Wed, May 09, 2018 at 11:13:01AM +0300, Anastasiya Ruzhanskaya wrote: > I read this page https://libvirt.org/aclpolkit.html > And it is written: "At this point in time, the only attribute provided by > libvirt to identify the user invoking the operation is the PID of the > client program. This me

Re: [libvirt-users] Libvirt access control drivers

2018-05-09 Thread Anastasiya Ruzhanskaya
I read this page https://libvirt.org/aclpolkit.html And it is written: "At this point in time, the only attribute provided by libvirt to identify the user invoking the operation is the PID of the client program. This means that the polkit access control driver is only useful if connections to libvi

Re: [libvirt-users] Libvirt access control drivers

2018-05-09 Thread Daniel P. Berrangé
On Wed, May 09, 2018 at 09:46:28AM +0300, Anastasiya Ruzhanskaya wrote: > Hello! > According to the documentation access control drivers are not in really > "good condition". There is a polkit, but it can distinguish users only > according to the pid. However, I have met some articles about more > fin

[libvirt-users] Libvirt access control drivers

2018-05-08 Thread Anastasiya Ruzhanskaya
Hello! According to the documentation access control drivers are not in really "good condition". There is a polkit, but it can distinguish users only according to the pid. However, I have met some articles about more fine-grained control and about selinux drivers for libvirt? So, what is the status no