diff -urp libvirt-4.5.0.orig/src/qemu/qemu_command.c libvirt-4.5.0/src/qemu/qemu_command.c
--- libvirt-4.5.0.orig/src/qemu/qemu_command.c	2018-07-09 16:27:53.841864595 +0000
+++ libvirt-4.5.0/src/qemu/qemu_command.c	2018-07-09 16:28:11.860863521 +0000
@@ -7859,6 +7859,10 @@ qemuBuildGraphicsVNCCommandLine(virQEMUD
             virCommandAddEnvPair(cmd, "SASL_CONF_PATH", cfg->vncSASLdir);
 
         /* TODO: Support ACLs later */
+
+        if (cfg->vncACL)
+           virBufferAddLit(&opt, ",acl");
+
     }
 
     virCommandAddArg(cmd, "-vnc");
diff -urp libvirt-4.5.0.orig/src/qemu/qemu.conf libvirt-4.5.0/src/qemu/qemu.conf
--- libvirt-4.5.0.orig/src/qemu/qemu.conf	2018-07-09 16:27:53.844864595 +0000
+++ libvirt-4.5.0/src/qemu/qemu.conf	2018-07-09 16:28:11.861863521 +0000
@@ -135,6 +135,15 @@
 #vnc_sasl = 1
 
 
+# Enable the VNC access control lists. When switched on this will
+# initially block all vnc users from accessing the vnc server. To
+# add and remove ids from the ACLs you will need to send the appropriate
+# commands to the qemu monitor as required by your particular version of
+# QEMU. See the QEMU documentation for more details.
+# 
+# vnc_acl = 1
+
+
 # The default SASL configuration file is located in /etc/sasl/
 # When running libvirtd unprivileged, it may be desirable to
 # override the configs in this location. Set this parameter to
diff -urp libvirt-4.5.0.orig/src/qemu/qemu_conf.c libvirt-4.5.0/src/qemu/qemu_conf.c
--- libvirt-4.5.0.orig/src/qemu/qemu_conf.c	2018-07-09 16:27:53.842864595 +0000
+++ libvirt-4.5.0/src/qemu/qemu_conf.c	2018-07-09 16:28:11.861863521 +0000
@@ -555,6 +555,8 @@ int virQEMUDriverConfigLoadFile(virQEMUD
         goto cleanup;
     if (virConfGetValueBool(conf, "nographics_allow_host_audio", &cfg->nogfxAllowHostAudio) < 0)
         goto cleanup;
+    if (virConfGetValueBool(conf, "vnc_acl", &cfg->vncACL) < 0)
+        goto cleanup;
 
 
     if (virConfGetValueStringList(conf, "security_driver", true, &cfg->securityDriverNames) < 0)
diff -urp libvirt-4.5.0.orig/src/qemu/qemu_conf.h libvirt-4.5.0/src/qemu/qemu_conf.h
--- libvirt-4.5.0.orig/src/qemu/qemu_conf.h	2018-07-09 16:27:53.842864595 +0000
+++ libvirt-4.5.0/src/qemu/qemu_conf.h	2018-07-09 16:28:11.861863521 +0000
@@ -124,6 +124,7 @@ struct _virQEMUDriverConfig {
     bool vncTLS;
     bool vncTLSx509verify;
     bool vncSASL;
+    bool vncACL;
     char *vncTLSx509certdir;
     char *vncListen;
     char *vncPassword;