[RedHat 6.3] Allow virt-manager but not libvirt
We are trying to get a "secure" KVM-environment up and running, but keep hitting walls.
We don't want our users to be able to do what ever they want, and virt-manager is quite simple to modify (just python-scripts).
The users need to be able to run virt-manager without root, but not be able to create machines in a terminal.
Therefor i cannot use policykit-action org.libvirt.unix.policy and allow_any.
Is this even possible?
Is policykit the right way to go or do we need to look at selinux?
Thanks so much for all tips and pointers, i'm totaly stuck right now.