WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] Finer access control framework over users, domains and o

from [Syunsuke HAYASHI] [Permanent Link][Original]
To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] Finer access control framework over users, domains and operations.
From: Syunsuke HAYASHI <syunsuke@xxxxxxxxxxxxxx>
Date: Fri, 30 May 2008 18:59:51 +0900
Delivery-date: Fri, 30 May 2008 03:00:23 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <18481.21663.161348.181541@xxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <48311B5E.2060100@xxxxxxxxxxxxxx> <18481.21663.161348.181541@xxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.5 (Windows/20070716) 
Hi, Ian

We understand that the implementation of the ACM on the web layer is easy.
But we think that basic control tools of Xen (xm and libvirt) also need the ACM
It is necessary to realize the ACM which considers users, domains and operations. 
We only know ways that control by the unit of users or processes.
Please let us know if there are other tools or ways that realize the ACM.

Thanks,


Ian Jackson wrote:
> Syunsuke HAYASHI writes ("[Xen-devel] Finer access control framework over users, domains and operations."): 
>> The current implementation exclusively allows root to control guest
>> domains.  Guest administrators have to switch to root so they can
>> bring their own guest domains up and down.
>
> In most deployments this problem is addressed by the use of (for
> example) a web-based management interface layered on top of the
> underlying xm machinery.
>
> Do your users really need an structurally very similar interface to
> that provided by xm or libvirt ?  If so then yes maybe you will need
> to write a policy-enforcing proxy but this would be a very large
> amount of work and I wouldn't recommend it as an approach unless
> unavoidable.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] is it possible to build two privileged domain at boot time?, Derek Murray
Next by Date:  [Xen-devel] Xen/paravirt_ops page on Xen wiki, Jeremy Fitzhardinge
Previous by Thread:  Re: [Xen-devel] Finer access control framework over users, domains and operations., Ian Jackson
Next by Thread:  Re: [Xen-devel] Finer access control framework over users, domains and operations., Ian Jackson
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy