On Fri, Oct 27, 2017 at 04:35:39PM +0200, Pino Toscano wrote:
> On Friday, 27 October 2017 16:18:42 CEST Daniel P. Berrange wrote:
> > There is no reason for the libvirt-dbus daemon to require root privileges. All
> > it actually needs is ability to connect to libvirtd, which can be achieved by
> > dropping in a polkit configuration file
> >
> > Now a libvirt connection to the system bus gives you privileges equivalent to
> > root, so this doesn't really improve security on its own. It relies on there
> > being a dbus policy that prevents users from issuing elevated APIs.
> >
> > For example, a DBus policy could allow non-root users to list VMs on the
> > system bus and get their status (aka virsh list equiv). In this case, the
> > security isolation does give some benefit.
> >
> > Security can be further improved if the admin uses the libvirt polkit file to
> > restrict what libvirt-dbus is permitted to do.
> >
> > Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
> > ---
> > [...]
> > diff --git a/data/system/org.libvirt.conf b/data/system/org.libvirt.conf
> > index 5cbc732..2b11717 100644
> > --- a/data/system/org.libvirt.conf
> > +++ b/data/system/org.libvirt.conf
> > @@ -4,7 +4,7 @@
> >
> > <busconfig>
> >
> > - <policy user="root">
> > + <policy user="libvirtdbus">
> > <allow own="org.libvirt"/>
> > <allow send_destination="org.libvirt"/>
> > </policy>
>
> Most probably this file should be git rm'ed, and added to the
> .gitignore.

Urgh yes. It seems the deletion got lost when I did a git stash and then unstashed.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
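
Review bot: in the `data/system/org.libvirt.conf` hunk, `<allow send_destination="org.libvirt"/>` stays inside the `<policy user="libvirtdbus">` block next to `<allow own="org.libvirt"/>`, so after the rename the only account this file explicitly lets send to the service is the daemon's own. The commit message says the benefit depends on a D-Bus policy that limits which APIs users can call, and no such rule is visible in these lines. Consider keeping only `own` in the `libvirtdbus` policy and placing the client-facing `send_destination` rules in a separate, narrower policy block, so it is explicit who may call the service and with what. The reply also asks for this file to be dropped from git and ignored, so the same point applies to wherever the policy is kept after that.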