Re: [PATCH dbus] Run system instance as an unprivileged user account

On Friday, 27 October 2017 16:18:42 CEST Daniel P. Berrange wrote:
> There is no reason for the libvirt-dbus daemon to require root privileges. All
> it actually needs is ability to connect to libvirtd, which can be achieved by
> dropping in a polkit configuration file.
> 
> Now a libvirt connection to the system bus gives you privileges equivalent to
> root, so this doesn't really improve security on its own. It relies on there
> being a dbus policy that prevents users from issuing elevated APIs.
> 
> For example, a DBus policy could allow non-root users to list VMs on the
> system bus and get their status (aka virsh list equiv). In this case, the
> security isolation does give some benefit.
> 
> Security can be further improved if the admin uses the libvirt polkit file to
> restrict what libvirt-dbus is permitted to do.
> 
> Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
> ---
> [...]
> diff --git a/data/system/org.libvirt.conf b/data/system/org.libvirt.conf
> index 5cbc732..2b11717 100644
> --- a/data/system/org.libvirt.conf
> +++ b/data/system/org.libvirt.conf
> @@ -4,7 +4,7 @@
>  
>  <busconfig>
>  
> -  <policy user="root">
> +  <policy user="libvirtdbus">
>      <allow own="org.libvirt"/>
>      <allow send_destination="org.libvirt"/>
>    </policy>
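
Review bot: The `<allow send_destination="org.libvirt"/>` rule kept inside the `user="libvirtdbus"` policy is not narrowed by interface or member, and the lines shown add no rule for any other caller, while the commit message says the security benefit relies on a dbus policy that prevents users from issuing elevated APIs. Suggest adding that restrictive policy for non-root callers to this file, or a comment here stating that the admin must supply it. Nothing in the visible lines says where the hardcoded `libvirtdbus` account comes from, so a comment naming what creates that user would also help.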

Most probably this file should be git rm'ed, and added to the
.gitignore.

-- 
Pino Toscano
