diff -dur -x '*.orig' -x '*.rej' -x '*~' libvirt-2.1.0.orig/src/qemu/qemu_command.c libvirt-2.1.0/src/qemu/qemu_command.c
--- libvirt-2.1.0.orig/src/qemu/qemu_command.c 2016-08-02 09:10:56.000000000 +0200
+++ libvirt-2.1.0/src/qemu/qemu_command.c 2016-08-17 12:43:29.000000000 +0200
@@ -7521,6 +7521,9 @@
 /* TODO: Support ACLs later */
 }
+ if (cfg->vncACL)
+ virBufferAddLit(&opt, ",acl");
+
 virCommandAddArg(cmd, "-vnc");
 virCommandAddArgBuffer(cmd, &opt);
 if (graphics->data.vnc.keymap)
diff -dur -x '*.orig' -x '*.rej' -x '*~' libvirt-2.1.0.orig/src/qemu/qemu.conf libvirt-2.1.0/src/qemu/qemu.conf
--- libvirt-2.1.0.orig/src/qemu/qemu.conf 2016-08-17 12:30:24.000000000 +0200
+++ libvirt-2.1.0/src/qemu/qemu.conf 2016-08-17 12:37:00.000000000 +0200
@@ -80,6 +80,15 @@
 #vnc_sasl = 1
+# Enable the VNC access control lists. When switched on this will
+# initially block all vnc users from accessing the vnc server. To
+# add and remove ids from the ACLs you will need to send the appropriate
+# commands to the qemu monitor as required by your particular version of
+# QEMU. See the QEMU documentation for more details.
+#
+# vnc_acl = 1
+
+
 # The default SASL configuration file is located in /etc/sasl/
 # When running libvirtd unprivileged, it may be desirable to
 # override the configs in this location. Set this parameter to
diff -ur libvirt-5.1.0.orig/src/qemu/qemu_conf.c libvirt-5.1.0/src/qemu/qemu_conf.c
--- libvirt-5.1.0.orig/src/qemu/qemu_conf.c 2019-02-26 00:24:59.015183201 +0100
+++ libvirt-5.1.0/src/qemu/qemu_conf.c 2019-03-07 00:31:31.736955745 +0100
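Review bot: In the qemu_command.c hunk, `,acl` is appended whenever `cfg->vncACL` is set, after the closing brace of the preceding block, so it does not depend on any authentication option having been emitted. As far as QEMU documents it, the VNC ACL is matched against the x509 client-certificate name or the SASL username, so with neither enabled there is no identity to check and the setting can give a false sense of restriction. Consider reporting a configuration error in that case, or at least gating the flag with `if (cfg->vncACL && (cfg->vncSASL || (cfg->vncTLS && cfg->vncTLSx509verify)))`. The retained `/* TODO: Support ACLs later */` comment is now stale, and there is no capability check, which matters if the targeted QEMU has replaced `acl` with `tls-authz`/`sasl-authz` (confirm against the QEMU version in use). The enclosing function starts and ends outside the hunk.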
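Review bot: The new qemu.conf comment does not say which identity the ACL is checked against, so an administrator may enable `vnc_acl` on its own and expect it to restrict access. Suggest adding a line such as `# This setting only has an effect together with vnc_sasl or vnc_tls_x509_verify.` to the comment block. It would also help to state that entries added through the monitor are runtime state and presumably have to be loaded again each time the guest is started (confirm). The sample line `# vnc_acl = 1` has a space after `#`, unlike `#vnc_sasl = 1` in the context above it.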
@@ -471,6 +471,8 @@
 return -1;
 if (virConfGetValueBool(conf, "vnc_allow_host_audio", &cfg->vncAllowHostAudio) < 0)
 return -1;
+ if (virConfGetValueBool(conf, "vnc_acl", &cfg->vncACL) < 0)
+ return -1;
 return 0;
 }
diff -dur -x '*.orig' -x '*.rej' -x '*~' libvirt-2.1.0.orig/src/qemu/qemu_conf.h libvirt-2.1.0/src/qemu/qemu_conf.h
--- libvirt-2.1.0.orig/src/qemu/qemu_conf.h 2016-07-27 14:39:35.000000000 +0200
+++ libvirt-2.1.0/src/qemu/qemu_conf.h 2016-08-17 12:37:00.000000000 +0200
@@ -113,6 +113,7 @@
 bool vncTLS;
 bool vncTLSx509verify;
 bool vncSASL;
+ bool vncACL;
 char *vncTLSx509certdir;
 char *vncListen;
 char *vncPassword;