Put up some thoughts here on multiuser KVM usage.
Multiuser usage of KVM: Assumptions
- The host computer runs several instances of KVM virtual machines.
- Each virtual machine runs as a process with the privileges of the user it is allocated to. This makes it possible to use the standard Linux user access control mechanisms.
- Users may log on in various ways (see below), but even if a user has a shell account on the host computer, they should be prevented from executing KVM directly (e.g. from the command line), i.e. from creating virtual machine instances without control. Therefore, a secure wrapper is necessary to run KVM on users' behalf.
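A sketch of what such a wrapper has to decide before it runs anything, as an added example rather than code from this page or from the KVM project: it checks that the requested VM belongs to the caller, refuses every option outside a short allowlist, and builds the command line itself. The VM ID format (`<user>-<name>`), the directory layout, the binary path and the allowlist with its limits are all assumptions made for the example.

```python
import os
import pwd
import re
import sys

# Assumptions for this sketch (none of these come from the page):
VM_ROOT = "/var/lib/kvm-multiuser"      # hypothetical per-VM directory root
KVM_BINARY = "/usr/bin/kvm"             # hypothetical path to the KVM binary
VM_ID_RE = re.compile(r"([a-z_][a-z0-9_]{0,31})-([a-z0-9]{1,16})")  # <user>-<name>

def _int_in(lo, hi):
    return lambda v: re.fullmatch(r"[0-9]{1,6}", v) is not None and lo <= int(v) <= hi

# Options a user may set, each with a value check; everything else is refused.
USER_OPTIONS = {
    "-m": _int_in(64, 4096),            # guest RAM in MB, capped
    "-smp": _int_in(1, 4),              # virtual CPUs, capped
    "-boot": lambda v: v in ("c", "d", "n"),
}

class Refused(Exception):
    """The request is outside what the wrapper will run."""

def build_argv(user, vm_id, user_opts):
    """Return the full KVM command line for vm_id, or raise Refused."""
    m = VM_ID_RE.fullmatch(vm_id)
    if m is None:
        raise Refused("malformed VM ID")
    if m.group(1) != user:
        raise Refused("VM is not allocated to this user")
    if len(user_opts) % 2:
        raise Refused("options must come as flag/value pairs")
    # Host-side resources (disk image) are chosen by the wrapper, never the user.
    argv = [KVM_BINARY, "-name", vm_id,
            "-hda", os.path.join(VM_ROOT, vm_id, "disk.img")]
    seen = set()
    for flag, value in zip(user_opts[0::2], user_opts[1::2]):
        check = USER_OPTIONS.get(flag)
        if check is None or flag in seen or not check(value):
            raise Refused("option not permitted: %s %s" % (flag, value))
        seen.add(flag)
        argv += [flag, value]
    return argv

if __name__ == "__main__":
    # Identity comes from the real UID, not from $USER or an argument.
    caller = pwd.getpwuid(os.getuid()).pw_name
    try:
        argv = build_argv(caller, sys.argv[1] if len(sys.argv) > 1 else "", sys.argv[2:])
    except Refused as exc:
        sys.exit("refused: %s" % exc)
    os.execve(argv[0], argv, {"PATH": "/usr/bin:/bin"})  # exec with a clean environment
```

The allowlist is deliberately default-deny: options that name host files, network devices or the monitor never reach KVM unless the wrapper adds them itself.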
User Logon Possibilities
- Log on via ssh to the host computer, then launch a VM by invoking the wrapper and passing it the ID of the VM to start, then ssh into the VM (or use xdm or http)
- A VM is already running for the user (variant: frozen when the user logs off and unfrozen when they log on), so the user logs on via ssh (or xdm, or http) to a running VM instance
- A VM is running as a daemon, providing services to other VMs (e.g. an NFS/SAMBA server), and users access it indirectly from their own VMs through the appropriate protocols
Virtual Machine Layout
Classification of QEMU/KVM Options (as of 0.17)
Options that Users Are Allowed to Set
Options that Users Are Not Allowed to Set
VM ID Structure
VM Directory Structure