Skip to navigationSkip to content
libvirtd docs
Commands

Manual nav

Search `/` or jump with `g` / `G`.

Portal

  • Home manual
  • Command explorer
Foundations6 sections
  • Overview1
  • Installation2
  • Platform1
  • Concepts5
  • Domains2
  • Domain XML2
Subsystems9 sections
  • Identity1
  • Automation2
  • Daemons3
  • virsh3
  • Networking5
  • Storage4
  • Security3
  • Observability2
  • Remote Access1
Operations6 sections
  • Migration2
  • Backup2
  • Performance3
  • Recovery1
  • Troubleshooting2
  • References2

/ search · g top · G quickstart

mansecurityReviewed July 15, 2026

Libvirt access control and privilege boundaries

Control of the system libvirt URI is close to root equivalent on many hosts. An authorized user can often define devices, attach host paths, alter networks, or influence privileged QEMU execution. Map the boundary Apply

polkitunix-socketsaslleast-privilege

Control of the system libvirt URI is close to root-equivalent on many hosts. An authorized user can often define devices, attach host paths, alter networks, or influence privileged QEMU execution.

Map the boundary

BASH
virsh -c qemu:///system uri
ss -lx | grep libvirt
stat /run/libvirt/libvirt-sock
getent group libvirt

Apply least privilege

  • Prefer local UNIX sockets with polkit decisions for interactive administration.
  • Prefer SSH transport for remote operator access when centralized host SSH policy already exists.
  • Use TLS with client certificates when application-to-service connectivity requires it.
  • Do not grant broad group membership as a substitute for an authorization model.
  • Audit changes to domain, network, storage, secret, and node-device definitions.

Separate concerns

Socket authorization decides who may ask. SELinux and sVirt constrain what the daemon and guest processes may touch. TLS protects a transport. None replaces the others.

Related

  • FreeIPA, SCIM, and Authority Boundaries
  • SELinux, virtd_t, and common denials
  • Remote TLS, TCP, and auth basics

On this page

  • Map the boundary
  • Apply least privilege
  • Separate concerns