diff -urp libvirt-1.3.2.orig/src/qemu/qemu_command.c libvirt-1.3.2/src/qemu/qemu_command.c
--- libvirt-1.3.2.orig/src/qemu/qemu_command.c	2016-02-24 01:55:16.000000000 +0000
+++ libvirt-1.3.2/src/qemu/qemu_command.c	2016-03-18 12:33:26.562768000 +0000
@@ -6047,6 +6047,10 @@ qemuBuildGraphicsSPICECommandLine(virQEM
         } else {
             virBufferAddLit(&opt, ",disable-agent-file-xfer");
         }
+
+        if (cfg->vncACL) 
+           virBufferAddLit(&opt, ",acl");
+
     }
 
     if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEAMLESS_MIGRATION)) {
diff -urp libvirt-1.3.2.orig/src/qemu/qemu.conf libvirt-1.3.2/src/qemu/qemu.conf
--- libvirt-1.3.2.orig/src/qemu/qemu.conf	2016-03-18 12:16:11.000000000 +0000
+++ libvirt-1.3.2/src/qemu/qemu.conf	2016-03-18 12:33:26.556768000 +0000
@@ -80,6 +80,15 @@
 #vnc_sasl = 1
 
 
+# Enable the VNC access control lists. When switched on this will
+# initially block all vnc users from accessing the vnc server. To
+# add and remove ids from the ACLs you will need to send the appropriate
+# commands to the qemu monitor as required by your particular version of
+# QEMU. See the QEMU documentation for more details.
+# 
+# vnc_acl = 1
+
+
 # The default SASL configuration file is located in /etc/sasl/
 # When running libvirtd unprivileged, it may be desirable to
 # override the configs in this location. Set this parameter to
diff -urp libvirt-1.3.2.orig/src/qemu/qemu_conf.c libvirt-1.3.2/src/qemu/qemu_conf.c
--- libvirt-1.3.2.orig/src/qemu/qemu_conf.c	2016-02-24 01:55:16.000000000 +0000
+++ libvirt-1.3.2/src/qemu/qemu_conf.c	2016-03-18 12:33:26.563768000 +0000
@@ -536,6 +536,7 @@ int virQEMUDriverConfigLoadFile(virQEMUD
     GET_VALUE_STR("vnc_sasl_dir", cfg->vncSASLdir);
     GET_VALUE_BOOL("vnc_allow_host_audio", cfg->vncAllowHostAudio);
     GET_VALUE_BOOL("nographics_allow_host_audio", cfg->nogfxAllowHostAudio);
+    GET_VALUE_LONG("vnc_acl", cfg->vncACL);
 
     p = virConfGetValue(conf, "security_driver");
     if (p && p->type == VIR_CONF_LIST) {
diff -urp libvirt-1.3.2.orig/src/qemu/qemu_conf.h libvirt-1.3.2/src/qemu/qemu_conf.h
--- libvirt-1.3.2.orig/src/qemu/qemu_conf.h	2016-01-10 01:57:37.000000000 +0000
+++ libvirt-1.3.2/src/qemu/qemu_conf.h	2016-03-18 12:33:26.563768000 +0000
@@ -112,6 +112,7 @@ struct _virQEMUDriverConfig {
     bool vncTLS;
     bool vncTLSx509verify;
     bool vncSASL;
+    bool vncACL;
     char *vncTLSx509certdir;
     char *vncListen;
     char *vncPassword;