On Friday, 27 October 2017 16:18:42 CEST Daniel P. Berrange wrote:
There is no reason for the libvirt-dbus daemon to require root
privileges. All it actually needs is ability to connect to libvirtd,
which can be achieved by dropping in a polkit configuration file.

Now a libvirt connection to the system bus gives you privileges equivalent to
root, so this doesn't really improve security on its own. It relies on there
being a dbus policy that prevents users from issuing elevated APIs.

For example, a DBus policy could allow non-root users to list VMs on the
system bus and get their status (aka virsh list equiv). In this case, the
security isolation does give some benefit.

Security can be further improved if the admin uses the libvirt polkit file to
restrict what libvirt-dbus is permitted to do.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
[...]
diff --git a/data/system/org.libvirt.conf b/data/system/org.libvirt.conf
index 5cbc732..2b11717 100644
--- a/data/system/org.libvirt.conf
+++ b/data/system/org.libvirt.conf
@@ -4,7 +4,7 @@
<busconfig>
- <policy user="root">
+ <policy user="libvirtdbus">
<allow own="org.libvirt"/>
<allow send_destination="org.libvirt"/>
</policy>
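Review bot: the hunk only renames the policy owner from `root` to `libvirtdbus`; nothing in the visible change ensures that a `libvirtdbus` account exists on the host or that the daemon actually runs as it, so if the account is missing dbus-daemon cannot match this `<policy user=...>` block and the `org.libvirt` name can't be owned. The elided part of the series ("[...]") should be checked for the account creation and the service's privilege drop, and a comment in this file naming that dependency would help packagers. Also note that the `<allow send_destination="org.libvirt"/>` shown here is scoped to the `libvirtdbus` user only; the commit message's goal of letting non-root users list VMs needs a separate `<policy context="default">` (or group) block that allows `send_destination="org.libvirt"` for the read-only calls, which is not visible in this context.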
Most probably this file should be git rm'ed, and added to the
.gitignore.
--
Pino Toscano
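As an added illustration of the model Daniel's commit message describes (this is not code from the patch or from the libvirt-dbus project): a system-bus policy file in which only the unprivileged service account may own `org.libvirt`, ordinary local users are limited to a few read-only calls, and a group of administrators keeps full access. The interface and member names `org.libvirt.Connect` / `ListDomains`, and the use of the `wheel` group, are assumptions chosen for illustration; only the `org.freedesktop.DBus.*` interfaces are standard.

```xml
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <!-- The unprivileged service account (assumed to exist on the host)
       is the only identity allowed to claim the well-known name. -->
  <policy user="libvirtdbus">
    <allow own="org.libvirt"/>
    <allow send_destination="org.libvirt"/>
  </policy>

  <!-- Every other local user: deny everything to the service first, then
       whitelist specific read-only calls. dbus-daemon applies the last
       matching rule inside a policy, so the allows override the deny.
       org.libvirt.Connect / ListDomains are illustrative names. -->
  <policy context="default">
    <deny send_destination="org.libvirt"/>
    <allow send_destination="org.libvirt"
           send_interface="org.freedesktop.DBus.Introspectable"/>
    <allow send_destination="org.libvirt"
           send_interface="org.freedesktop.DBus.Properties"
           send_member="Get"/>
    <allow send_destination="org.libvirt"
           send_interface="org.libvirt.Connect"
           send_member="ListDomains"/>
  </policy>

  <!-- Administrators (assumed group name) may call any method. -->
  <policy group="wheel">
    <allow send_destination="org.libvirt"/>
  </policy>
</busconfig>
```

dbus-daemon evaluates `<policy context="default">` first, then group policies, then user policies, so the per-user and per-group blocks widen what the default context permits. This file only governs who may talk to the D-Bus service; what the service itself may then ask libvirtd to do is decided separately by libvirtd's polkit access control for the `libvirtdbus` identity, which is the second layer the commit message refers to.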