On Fri, Dec 05, 2025 at 04:05:36PM +0100, Peter Krempa via Users wrote:
> On Fri, Dec 05, 2025 at 14:51:35 +0000, Nikolaus Rath wrote:
> > Hi Peter!
> >
> > On Fri, 5 Dec 2025, at 14:40, Peter Krempa wrote:
> > >> Therefore, I'd like to give users more limited permissions - but I'm a
> > >> bit lost about the best way to approach that. It seems that I could:
> > >>
> > >> - tighten (or relax) socket permissions in the systemd config
> > >>
> > >> - switch off socket activation and configure socket permissions in
> > >>   libvirtd.conf
> > >>
> > >> - Configure socket-dependent permissions in libvirt
> > >
> > > None of this will help unless you trust the user. Whoever is able to
> > > define a full XML is effectively root.
> >
> > I was thinking that perhaps there is a socket that I can configure in such
> > a way that it doesn't allow defining the XML? (I thought that the
> > -ro.socket might do something like this)
>
> The read-only connection doesn't allow defining XML, but also doesn't
> allow starting/stopping the VM or any other state change for that
> matter, just looking at the state.
>
> You need to use fine-grained ACL on the "write-enabled" socket for that.

We have an example for the config for this here:

  https://gitlab.com/libvirt/libvirt/-/blob/master/examples/polkit/libvirt-acl.rules

With regards,
Daniel
--
|: https://berrange.com       -o-  https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org        -o-  https://fstop138.berrange.com :|
|: https://entangle-photo.org -o-  https://www.instagram.com/dberrange :|
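
An illustration of the fine-grained ACL approach discussed in this thread, added here and not taken from the thread or from the linked libvirt example file: a polkit rule that lets one group start and stop two named QEMU domains over the read-write socket while refusing the permissions needed to define XML. The group name and domain names are hypothetical; the action identifiers and lookup keys are those of libvirt's polkit access driver.

```javascript
// Added example for libvirt's polkit access driver (ES5 style for polkit's JS engine).
// Hypothetical names: group "vmoperators", domains "build01" and "build02".
var OPERATOR_GROUP = "vmoperators";
var OPERATOR_DOMAINS = ["build01", "build02"];

// Connection-level permissions needed to list and look up domains.
var CONNECT_PERMS = ["getattr", "search-domains"];
// Per-domain lifecycle permissions. "write" and "save", which defining
// domain XML requires, are deliberately absent.
var DOMAIN_PERMS = ["getattr", "read", "start", "stop", "init-control"];

// Outside polkitd (for example under node for testing) use the same strings.
var Result = (typeof polkit !== "undefined") ? polkit.Result
    : { YES: "yes", NO: "no", NOT_HANDLED: "not_handled" };

function libvirtOperatorRule(action, subject) {
    if (!subject.isInGroup(OPERATOR_GROUP)) {
        return Result.NOT_HANDLED;      // other users: leave to other rules
    }
    if (action.id == "org.libvirt.unix.manage") {
        return Result.YES;              // may open the read-write socket
    }
    var prefix = "org.libvirt.api.";
    if (action.id.indexOf(prefix) != 0) {
        return Result.NOT_HANDLED;      // not a libvirt API permission check
    }
    var parts = action.id.substring(prefix.length).split(".");
    var object = parts[0], perm = parts[1];
    if (object == "connect" && CONNECT_PERMS.indexOf(perm) >= 0) {
        return Result.YES;
    }
    if (object == "domain" && DOMAIN_PERMS.indexOf(perm) >= 0 &&
        action.lookup("connect_driver") == "QEMU" &&
        OPERATOR_DOMAINS.indexOf(action.lookup("domain_name")) >= 0) {
        return Result.YES;
    }
    return Result.NO;                   // deny by default, incl. domain.write/save
}

if (typeof polkit !== "undefined") {
    polkit.addRule(libvirtOperatorRule);
}
```

The rule is only consulted for API calls when the daemon has the polkit access driver enabled (`access_drivers = [ "polkit" ]` in its configuration file).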
