[virt-tools-list] Console for specific VMs only

[Cole Robinson]

On 01/09/2015 08:47 AM, Steve Amerige wrote:
> Hi all,
> 
> I've just joined this list.  I've been using KVM for a couple of years now and
> have just joined the list.  I use virt-manager as well as command line tools
> and custom software that we've written to manage a KVM server farm based on
> CentOS 6.6 and CentOS 7.0.
> 
> My first question for the group is this: While I, as an administrator, use
> virt-manager and can open the console to a particular VM, I frequently have
> internal customers that I want to give access to a specific VM only so that
> they can have console access to their VM.
> 
> If virt-manager had a way of being restricted to showing just one VM, then I
> could provide a secure script that calls virt-manager in this way.
> 
> Is this possible?  Is there any way today to open from the command line the
> console for a specific VM?
> 

Depends on how much isolation you want.

Do you want users to be able to access one and only one VM, so they can't
interfere with other users? If so, look into libvirt ACLs[1]. Or you could add
VNC/SPICE passwords, share them with the users, and have them connect using
remote-viewer. But then they won't be able to perform any tasks on the VM like
start/stop etc.

[1] https://fedoraproject.org/wiki/Changes/Virt_ACLs

- Cole