[libvirt-users] How to run libvirtd as non root user
Spencer Baugh
catern at catern.com
Thu Jul 30 18:15:26 UTC 2015
Eric Blake <eblake at redhat.com> writes:
> On 07/30/2015 11:10 AM, Anshul Arora (akarora) wrote:
>> Team,
>>
>> I note that libvertd runs as root user that is against the least privilege security model.
>>
>> root 307278 1 0 Jun20 ? 04:16:46 /usr/sbin/libvirtd -listen
>
> Sadly, that IS the least privilege required for successfully running
> qemu:///system or lxc:/// guests.
>
>>
>>
>> Appreciate pointers to alternate options that user could configure as a potential mitigation plan?
>
> Use qemu:///session connections - that runs a separate libvirtd process
> as the current user, just fine. Without privileges, your guests will
> have a harder time using networking, but that's what you'd expect.
To enhance this experience, make sure that /dev/kvm is writable by the
current user, and configure qemu-bridge-helper (and make sure
it's setuid).
More information about the libvirt-users
mailing list