Re: [libvirt] [PATCH dbus] Run system instance as an unprivileged user account

On Friday, 27 October 2017 16:18:42 CEST Daniel P. Berrange wrote: > There is no reason for the libvirt-dbus daemon to require root privileges. All > it actually needs is ability to connect to libvirtd, which can be achieved by > dropping in a polkit configuration file > > Now a libvirt connection to the system bus gives you privileges equivalent to > root, so this doesn't really improve security on its own. It relies on there > being a dbus policy that prevents users from issuing elevated APIs. > > For example, a DBus policy could allow non-root users to list VMs on the > system bus and get their status (aka virsh list equiv). In this case, the > security isolation does give some benefit. > > Security can be further improved if the admin uses the libvirt polkit file to > restrict what libvirt-dbus is permitted to do. > > Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com&gt; > --- > [...] > diff --git a/data/system/org.libvirt.conf b/data/system/org.libvirt.conf > index 5cbc732..2b11717 100644 > --- a/data/system/org.libvirt.conf > +++ b/data/system/org.libvirt.conf > @@ -4,7 +4,7 @@ > > <busconfig> > > - <policy user="root"> > + <policy user="libvirtdbus"> > <allow own="org.libvirt"/> > <allow send_destination="org.libvirt"/> > </policy> Most probably this file should be git rm'ed, and added to the .gitignore.