Eric Blake <ebl...@redhat.com> writes: > On 07/30/2015 11:10 AM, Anshul Arora (akarora) wrote: >> Team, >> >> I note that libvertd runs as root user that is against the least privilege >> security model. >> >> root 307278 1 0 Jun20 ? 04:16:46 /usr/sbin/libvirtd -listen > > Sadly, that IS the least privilege required for successfully running > qemu:///system or lxc:/// guests. > >> >> >> Appreciate pointers to alternate options that user could configure as a >> potential mitigation plan? > > Use qemu:///session connections - that runs a separate libvirtd process > as the current user, just fine. Without privileges, your guests will > have a harder time using networking, but that's what you'd expect.
To enhance this experience, make sure that /dev/kvm is writable by the current user, and configure qemu-bridge-helper (and make sure it's setuid). _______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
