This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-users] Access Control solution for Xen?

To: xen-users <xen-users@xxxxxxxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Access Control solution for Xen?
From: Ozan Safi <ozansafi@xxxxxxxxx>
Date: Wed, 8 Dec 2010 11:54:48 +0100
Delivery-date: Wed, 08 Dec 2010 02:56:48 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:mime-version:received:from:date :message-id:subject:to:content-type; bh=V/jgI8hguibukK01rlKhORhD00ER8qe9a4Zrh0ugku0=; b=JzmZM27COlKw2wNL1hZbbUI9zmVGylQNDLAQlNr34Khk+JGR9hAidBqDD0QT4mJrVS hUl/Huye5MEX52sU+G9SJAVR9I9Y4cscNHLjpLKCdpBNK4lFxzyzLIp5MfGxzFqzulgX 1gLYaXR2TwB9jyzdgDVNdRc825RsM5wUpSk+M=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:from:date:message-id:subject:to:content-type; b=PjF7WR+Yk1kVrJ5pMU1dFZPiRUrk25f36oz+/g04BKkqBgBFfRUG32Zv6GUi1umXV7 Y0HwApliJI5dqKechB0vMLvOxBpF4JDu4vYT/5mlW+aTkNkrTO/S/qhgqVvg9DDwglZK OjWUxDUOAKuo72FzibJFhYSBqOtBPA+tM/2Fc=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Is anyone aware of an open-source solution (CLI or webGUI) that can restrict access to users based on their roles?
For instance, I want to limit what role X can do to just list their own VMs and restart or shut it down. 

I've thought of implementing this by putting an access control module inside the Xend code which would interact with some sort of mapping between users, roles, and what they can do. Would it be a better idea to instead do this in libxenlight which is a layer down? (I want to enforce access control as close as possible to the hypervisor)

Xen-users mailing list
<Prev in Thread] Current Thread [Next in Thread>