kubevirt / libvirt

DEPRECATED Vanilla dockerized libvirt image, used as a base for kubevirt

Change socket file permissions and enable SASL for authentication

rmohr opened this issue

To quote @berrange from #5 (comment):

[...] makes the socket mode 0777, and then turn on SASL with scram-sha-1 to enable username + password auth of libvirtd. Then give virt-handler the username + password via a libvirtd auth config file, which we can populate using a k8s secret.

This way it is very easy to run other agents on the host or in other containers as non-root and give them the possibility to connect to the socket.
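A check for the server side of the setup proposed above, as an added example that is not part of the issue or the kubevirt code. `unix_sock_rw_perms`, `auth_unix_rw` and `mech_list` are the libvirtd.conf and Cyrus SASL settings involved; the sample file contents are constructed, and the SCRAM-only rule is this example's assumption, taken from the scram-sha-1 suggestion in the quote.

```python
def parse_conf(text, sep):
    """Parse 'key <sep> value' lines, skipping blanks and # comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if sep in line:
            key, value = line.split(sep, 1)
            conf[key.strip()] = value.strip().strip('"')
    return conf


def audit(libvirtd_conf, sasl_conf):
    """Return findings for a libvirtd.conf / SASL libvirt.conf pair."""
    lv = parse_conf(libvirtd_conf, "=")
    sasl = parse_conf(sasl_conf, ":")
    findings = []

    perms = lv.get("unix_sock_rw_perms")
    auth = lv.get("auth_unix_rw")
    if perms is None or auth is None:
        # Do not rely on build-dependent defaults; require explicit values.
        findings.append("unix_sock_rw_perms/auth_unix_rw not set explicitly")
    elif int(perms, 8) & 0o002 and auth != "sasl":
        # The 'other' write bit lets any local user connect to the socket.
        findings.append(
            f"socket mode {perms} lets any local user connect, auth_unix_rw={auth}")

    mechs = sasl.get("mech_list", "").lower().split()
    if not mechs:
        findings.append("mech_list is empty or missing")
    for mech in mechs:
        if not mech.startswith("scram-"):  # assumed policy: SCRAM only
            findings.append(f"mech_list contains non-SCRAM mechanism {mech}")
    return findings


# Constructed sample configurations (not taken from the kubevirt image).
WEAK_LIBVIRTD = 'unix_sock_rw_perms = "0777"\nauth_unix_rw = "none"\n'
PROPOSED_LIBVIRTD = 'unix_sock_rw_perms = "0777"\nauth_unix_rw = "sasl"\n'
WEAK_SASL = "mech_list: plain anonymous\n"
PROPOSED_SASL = "mech_list: scram-sha-1\nsasldb_path: /etc/libvirt/passwd.db\n"

if __name__ == "__main__":
    for name, lv, sasl in [("weak", WEAK_LIBVIRTD, WEAK_SASL),
                           ("proposed", PROPOSED_LIBVIRTD, PROPOSED_SASL)]:
        print(name, audit(lv, sasl) or "ok")
```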

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

/lifecycle stale

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

/lifecycle rotten

/remove-lifecycle rotten
Still keeping this in mind, I worked on a script, but it didn't do everything.

/remove-lifecycle stale

I wasn't successful, unfortunately, but I have a couple of ideas. If someone wants to look into this, feel free to bounce ideas off of me.

/close

Not relevant anymore. virt-launcher talks with its own libvirtd and if someone enters the container, the password is in the container for virt-launcher already.