Comment 13 for bug 1802005

libvirt can be configured in two ways, to use policykit for authentication, or to use traditional unix permissions. Ubuntu uses the traditional permissions configuration, not the policykit one.

libvirt-dbus ships with a /var/lib/polkit-1/localauthority/10-vendor.d/libvirt-dbus.pkla file that contains:

[Allow libvirt-dbus to manage libvirt]
Identity=unix-user:libvirtdbus
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes

This allows the libvirtdbus user to manage libvirt. Since we don't use the policykit configuration, this has no effect. The equivalent would be in fact to add the libvirtdbus user to the libvirt group as suggested above.

To prevent unprivileged users from connecting to the libvirt-dbus daemon, it uses a dbus configuration file at /usr/share/dbus-1/system.d/org.libvirt.conf which only allows the root user and members of the libvirt group access to the service.

I have confirmed that adding the libvirtdbus user to the libvirt group as listed above allows the service to function, while blocking unprivileged users from accessing it, so +1 from me.

As for the second configuration change above, adding the libvirt-qemu user to the libvirt group, I am not sure why that is required. Could someone explain why that would be required?