[Spice-devel] Virt-viewer single connection
Ivo Cavalcante
ivo.cavalcante at gmail.com
Thu Oct 4 10:55:01 UTC 2018
Hi people,
We're trying to implement a standard solution on our company, where
users who need Windows machines (some legacy software still uses it)
will have a VM on their workstations, using Libvirt/QEMU/KVM. The
biggest problem we're seeing so far is that we can't find a way to
prevent users with root access on the physical machine from "stealing"
an eventually open Windows session on virt-viewer from the machine
owners.
I know, only IT staff will have such privileges, but even then this
might pose a security threat that should be dealt with. I've looked
into ticketing, SASL and other things, but failed to find a way to
definitely avoid this.
Is there something I'm missing or is this a dead end? We're looking
primarily at Spice displays 'cause it just works - USB redirection,
video, audio... Easier than trying to achieve the same using open tools
and RDP.
Any help is much appreciated.
Thanks,
Ivo Cavalcante
More information about the Spice-devel
mailing list