On Fri, Dec 05, 2025 at 14:51:35 +0000, Nikolaus Rath wrote:
> Hi Peter!
> On Fri, 5 Dec 2025, at 14:40, Peter Krempa wrote:
> > > Therefore, I'd like to give users more limited permissions - but I'm a bit lost about the best way to approach that. It seems that I could:
> > > - tighten (or relax) socket permissions in the systemd config
> > > - switch off socket activation and configure socket permissions in libvirtd.conf
> > > - Configure socket-dependent permissions in libvirt
> > None of this will help unless you trust the user. Whoever is able to define a full XML is effectively root.
> I was thinking that perhaps there is a socket that I can configure in such a way that it doesn't allow defining the XML? (I thought that the -ro.socket might do something like this)
The read-only connection doesn't allow defining XML, but also doesn't allow starting/stopping the VM or any other state change for that matter, just looking at the state. You need to use fine-grained ACL on the "write-enabled" socket for that.
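As an added illustration of the "fine-grained ACL on the write-enabled socket" route (this is example code, not part of the thread and not libvirt's own configuration): libvirt's fine-grained access control is its polkit access driver, enabled with `access_drivers = [ "polkit" ]` in libvirtd.conf, after which every API call is checked against an `org.libvirt.api.<object>.<permission>` polkit action carrying details such as `connect_driver` and `domain_name`. The rule below lets one unprivileged user start, stop and inspect a single domain over the read-write socket while denying the `domain.write` permission that defining XML requires, which is the point Peter makes about XML definition being root-equivalent. The user name `operator`, the domain name `demo` and the exact set of action IDs granted are assumptions to be checked against the installed libvirt policy; the `polkit` stub and the `decide()` harness exist only so the file runs stand-alone under node and are not part of the rule you would install in /etc/polkit-1/rules.d/.

```javascript
// Added example, not from the thread or from libvirt: a polkit rule for the
// libvirt polkit access driver (libvirtd.conf: access_drivers = [ "polkit" ]).
// Assumptions: user "operator" and domain "demo" are placeholders; the action
// IDs below follow libvirt's org.libvirt.api.<object>.<permission> naming.

// polkitd provides the `polkit` global when it loads a rules file. The stub is
// only here so the decision logic can be executed and tested offline.
if (typeof polkit === "undefined") {
  globalThis.polkit = {
    Result: { YES: "yes", NO: "no", NOT_HANDLED: "not_handled" },
    rules: [],
    addRule(fn) { this.rules.push(fn); },
  };
}

const ALLOWED_USER = "operator";   // assumption: the unprivileged operator account
const ALLOWED_DOMAIN = "demo";     // assumption: the one domain they may manage
const ALLOWED_DRIVER = "QEMU";     // connect_driver value for the qemu driver

// Permissions the operator gets. domain.write (needed to define or edit XML)
// and everything else under org.libvirt.api.* are deliberately absent: whoever
// can define arbitrary XML is effectively root on the host.
const ALLOWED_ACTIONS = new Set([
  "org.libvirt.api.connect.getattr",  // needed just to open the connection
  "org.libvirt.api.domain.getattr",   // needed to look the domain up by name
  "org.libvirt.api.domain.read",      // dumpxml, dominfo and similar
  "org.libvirt.api.domain.start",
  "org.libvirt.api.domain.stop",
]);

// ---- the rule as it would appear in /etc/polkit-1/rules.d/50-libvirt-operator.rules ----
polkit.addRule(function (action, subject) {
  // Not a libvirt check, or not our user: return nothing so polkit falls
  // through to the defaults shipped in libvirt's .policy file.
  if (!action.id.startsWith("org.libvirt.api.")) return;
  if (subject.user !== ALLOWED_USER) return;

  // Confine the operator to the qemu driver.
  if (action.lookup("connect_driver") !== ALLOWED_DRIVER) return polkit.Result.NO;

  // connect.* checks carry no domain_name; domain.* checks must name "demo".
  const domain = action.lookup("domain_name");
  if (domain != null && domain !== ALLOWED_DOMAIN) return polkit.Result.NO;

  // Explicit NO (rather than falling through) so a denied call fails cleanly
  // instead of hitting an admin-authentication prompt the operator cannot pass.
  return ALLOWED_ACTIONS.has(action.id) ? polkit.Result.YES : polkit.Result.NO;
});

// ---- stand-alone harness: evaluate the rule the way polkitd would ----
// `details` stands in for the attributes libvirt attaches to the action.
function decide(user, actionId, details) {
  const action = {
    id: actionId,
    lookup(key) { return key in details ? details[key] : null; },
  };
  const subject = { user, isInGroup: () => false };
  for (const rule of polkit.rules) {
    const result = rule(action, subject);
    if (result !== undefined) return result;  // first rule with an opinion wins
  }
  return polkit.Result.NOT_HANDLED;
}
```

Two things worth knowing before deploying a rule like this: `virsh list` also needs the connect-level search permission, which this allow-list does not grant, so the operator must address the domain by name; and the rule must stay silent (return nothing) for other users and for non-libvirt actions, otherwise it would override polkit's defaults for everyone.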