Hello,

I noticed that (at least on my Fedora installation), adding a user to the libvirt group is equivalent to giving full root access (since the user can add arbitrary block devices to VMs, and then use the VM to modify the block device).

Therefore, I'd like to give users more limited permissions - but I'm a bit lost about the best way to approach that. It seems that I could:

- tighten (or relax) socket permissions in the systemd config
- switch off socket activation and configure socket permissions in libvirtd.conf
- Configure socket-dependent permissions in libvirt
- Enable policykit ACL checks, and configure permissions there.

Could someone give me a recommendation what (combination?) of these options would be most suitable for a simple "users can interact with their predefined VMs" model?

Ideally, users would be able to configure and interact with VMs that are assigned to them, without having access to operations that are trivially root-equivalent (like adding new storage devices from the host).

If that's difficult, I'd also settle for a simpler model where users can't change VM permissions at all, and are limited to starting, stopping, and connecting to the console of their VM.

What's the best way to accomplish that?

Best,
-Nikolaus