On Fri, Dec 05, 2025 at 14:51:35 +0000, Nikolaus Rath wrote:
> Hi Peter!
> 
> On Fri, 5 Dec 2025, at 14:40, Peter Krempa wrote:
> >> Therefore, I'd like to give users more limited permissions - but I'm a
> >> bit lost about the best way to approach that. It seems that I could:
> >> 
> >> - tighten (or relax) socket permissions in the systemd config
> >> 
> >> - switch off socket activation and configure socket permissions in
> >>   libvirtd.conf
> >> 
> >> - Configure socket-dependent permissions in libvirt
> >
> > None of this will help unless you trust the user. Whoever is able to
> > define a full XML is effectively root.
> 
> I was thinking that perhaps there is a socket that I can configure in such a 
> way that it doesn't allow defining the XML? (I thought that the -ro.socket 
> might do something like this)

The read-only connection doesn't allow defining XML, but also doesn't
allow starting/stopping the VM or any other state change for that
matter, just looking at the state.

You need to use fine-grained ACL on the "write-enabled" socket for that.
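The fine-grained ACL mentioned above is enforced through polkit rules once `access_drivers = [ "polkit" ]` is set in libvirtd.conf (or virtqemud.conf with modular daemons). The following is an added example rule, not code from this thread or from the libvirt project; it assumes a Unix group named "vmoperators", and the `polkit` stand-in plus the `evaluate()` helper are a constructed offline harness, not part of the rule itself.

```javascript
// Added example: a polkit rule for libvirt's fine-grained access control.
// Members of the assumed group "vmoperators" may inspect, start and stop QEMU
// domains over the read-write socket, but org.libvirt.api.domain.write
// (define/undefine) is denied, so they cannot feed libvirt arbitrary XML.
// Real polkit provides the `polkit` object; this stand-in only records rules
// so the policy can be exercised offline below.
var rules = [];
var polkit = {
  Result: { YES: "yes", NO: "no" },
  addRule: function (fn) { rules.push(fn); }
};

// ---- rule body: the part that would live in /etc/polkit-1/rules.d/ ----
polkit.addRule(function (action, subject) {
  if (action.id.indexOf("org.libvirt.api.") !== 0) {
    return undefined;               // not a libvirt action: leave it to other rules
  }
  if (!subject.isInGroup("vmoperators")) {
    return undefined;               // other users fall through to the default policy
  }
  if (action.lookup("connect_driver") !== "QEMU") {
    return polkit.Result.NO;        // delegate only the QEMU driver
  }
  var allowed = [
    "org.libvirt.api.connect.getattr",        // open the connection
    "org.libvirt.api.connect.search_domains", // list domains
    "org.libvirt.api.domain.getattr",
    "org.libvirt.api.domain.read",            // dumpxml, state queries
    "org.libvirt.api.domain.start",
    "org.libvirt.api.domain.stop"
  ];
  // Everything else under org.libvirt.api.* (domain.write, save, migrate, ...)
  // is explicitly denied for this group.
  return allowed.indexOf(action.id) !== -1 ? polkit.Result.YES : polkit.Result.NO;
});

// ---- offline harness (constructed): emulate polkit walking the rule list ----
function evaluate(actionId, details, groups) {
  var action = { id: actionId, lookup: function (k) { return details[k]; } };
  var subject = { isInGroup: function (g) { return groups.indexOf(g) !== -1; } };
  for (var i = 0; i < rules.length; i++) {
    var r = rules[i](action, subject);
    if (r !== undefined) { return r; }
  }
  return "default";                 // polkit's per-action default would apply
}
```

The rule only takes effect on the read-write socket after authentication; the read-only socket stays limited to state inspection regardless of these rules.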
