1

Is anyone aware of a way to restrict usage of dom0 (i.e., the xm command) to a certain subset of commands? In my case I'd like to prevent the dom0 user from doing anything other than resuming a saved domU.

I'm guessing that since you need to be root to use the xm tool there's not much I can do to restrict powers. I'd love to hear any ideas on other ways of achieving my goal.

Soybean
  • 123

1 Answer

2

Without modifying xend to not support certain operations, you can't stop someone with access to the dom0 from starting new domUs, because someone who wanted to start a new domU could just issue API commands. Honestly, restricting xm commands is somewhat dangerous because there are ways that a domU can crash and need to be restarted.

Also, if someone who can't be trusted not to start VMs at inappropriate moments has root on your dom0s, I really think your permissions priorities are drunkenly insane. Instead, consider restricting users who need to do these limited operations to a non-root user, and providing a sudo-enabled wrapper script to manipulate VM state in approved ways.

womble
  • 97,049
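One way to build the sudo-enabled wrapper script the answer suggests, as an added example that is not part of the original answer: it accepts a single domU name, maps it to a checkpoint file in one directory, and runs only `xm restore`. The script name, the `vmoperators` group, the `/var/lib/xen/save` directory, the `.save` suffix and the `xm` path are assumptions.

```shell
#!/bin/sh
# Added example: restore-only wrapper for operators without root.
# Assumed sudoers entry (hypothetical group and install path):
#   %vmoperators ALL=(root) NOPASSWD: /usr/local/sbin/xm-restore-domu
# SAVE_DIR must be root-owned and not writable by the operators, otherwise
# the file could be swapped between the check and the restore.
LC_ALL=C; export LC_ALL
SAVE_DIR=/var/lib/xen/save   # assumed location of "xm save" checkpoint files
XM=/usr/sbin/xm              # assumed path to the xm binary

# Accept only simple domU names: no slashes, dots, spaces or leading dash.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Print the checkpoint path for domU $1 inside directory $2, or fail.
resolve_save_file() {
    valid_name "$1" || return 1
    f="$2/$1.save"
    # Regular file only; a symlink could point outside the save directory.
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    printf '%s\n' "$f"
}

main() {
    [ "$#" -eq 1 ] || { echo "usage: xm-restore-domu <domU-name>" >&2; return 2; }
    file=$(resolve_save_file "$1" "$SAVE_DIR") || {
        echo "refused: no approved checkpoint for '$1'" >&2
        return 1
    }
    # Record who asked; sudo sets SUDO_USER to the invoking account.
    logger -t xm-restore-domu "restore of $1 requested by ${SUDO_USER:-unknown}"
    # The only xm subcommand this wrapper ever runs.
    exec "$XM" restore "$file"
}

# Run only when given arguments, so the functions can be sourced and tested.
if [ "$#" -ge 1 ]; then main "$@"; fi
```

Because the sudoers rule names only the wrapper, the operator account never gets a root shell or direct access to `xm`; anything the wrapper does not implement stays unavailable.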