[libvirt-users] How to run libvirtd as non root user
Eric Blake
eblake at redhat.com
Thu Jul 30 17:24:32 UTC 2015
On 07/30/2015 11:10 AM, Anshul Arora (akarora) wrote:
> Team,
>
> I note that libvertd runs as root user that is against the least privilege security model.
>
> root 307278 1 0 Jun20 ? 04:16:46 /usr/sbin/libvirtd -listen
Sadly, that IS the least privilege required for successfully running
qemu:///system or lxc:/// guests.
>
>
> Appreciate pointers to alternate options that user could configure as a potential mitigation plan?
Use qemu:///session connections - that runs a separate libvirtd process
as the current user, just fine. Without privileges, your guests will
have a harder time using networking, but that's what you'd expect.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 604 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20150730/c8363672/attachment.sig>
More information about the libvirt-users
mailing list