improve security by adjusting the privileges of libvirtd processes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Team

The daemon libvirtd runs as root user, which against the least privilege
security model.

root 567642 1.2 0.0 2856020 47576 ? Ssl 15:49 0:02 /usr/sbin/libvirtd --listen

In addition, the "--listen" parameter exposes TCP or TLS ports on the network,
it increasing the attack surface.

tcp   0   0 0.0.0.0:16509  0.0.0.0:*  LISTEN  647824/libvirtd
tcp   0   0 0.0.0.0:16514  0.0.0.0:*  LISTEN  647824/libvirtd

I have the following puzzles:
 1. Whether root is the least privilege required for libvirtd to manage
    virtualization platforms, it's possible to run libvirtd as a non-root user?

 2. Is there any plan to resolve this security weaknesses?
    (like move the function of "--listen" to an independent non-root process,
     or other better schemes)

Regards,
BiaoXiang




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux