[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Adding users to libvirt or kvm group


#1

https://www.whonix.org/wiki/KVM#Addgroup
In order to be able to manage virtual machines as regular (non-root) user, you need to add that user to the libvirt and the kvm group.

What are the security implications?


#2

None because hopefully you aren’t running untrusted code on your host which can do a lot more harm than just controlling your VMs maliciously. Some parts of libvirt are privileged because they obviously talk to the KVM module in the kernel so its expected that to control it from a GUI without inputting your password every time, you must add your regular user to the group.


#3

Not sure if I fully agree with this line of reasoning: the malicious code or user could always do something worse than X. Then nearly no action needs to be password restricted, except maybe deleting the whole system.


#4

Well let’s agree to disagree. I personally won;t lose sleep over it :wink: