Hi Team,

The daemon libvirtd runs as the root user, which is against the least privilege security model.

    root 567642 1.2 0.0 2856020 47576 ? Ssl 15:49 0:02 /usr/sbin/libvirtd --listen

In addition, the "--listen" parameter exposes TCP or TLS ports on the network, increasing the attack surface.

    tcp 0 0 0.0.0.0:16509 0.0.0.0:* LISTEN 647824/libvirtd
    tcp 0 0 0.0.0.0:16514 0.0.0.0:* LISTEN 647824/libvirtd

I have the following puzzles:

1. Is root the least privilege required for libvirtd to manage virtualization platforms? Is it possible to run libvirtd as a non-root user?

2. Is there any plan to resolve these security weaknesses? (like moving the function of "--listen" to an independent non-root process, or another good idea)

Regards,
BiaoXiang