diff --git a/bootstrap/main.tf b/bootstrap/main.tf
index 25ac37a..8a2cbce 100644
--- a/bootstrap/main.tf
+++ b/bootstrap/main.tf
@@ -37,6 +37,10 @@ resource "libvirt_pool" "data" {
   name = "data"
   type = "dir"
   path = "/kvm/data"
+
+  xml {
+    xslt = file("set_volume_pool_mode_open.xsl")
+  }
 }
 
 resource "libvirt_volume" "ubuntu_jammy" {
diff --git a/bootstrap/set_volume_pool_mode_open.xsl b/bootstrap/set_volume_pool_mode_open.xsl
new file mode 100644
index 0000000..1f53bf9
--- /dev/null
+++ b/bootstrap/set_volume_pool_mode_open.xsl
@@ -0,0 +1,19 @@
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+	<xsl:output omit-xml-declaration="yes" indent="yes"/>
+
+	<xsl:template match="@*|node()">
+		<xsl:copy>
+			<xsl:apply-templates select="@*|node()" />
+		</xsl:copy>
+	</xsl:template>
+
+	<xsl:template match="/pool/target">
+		<xsl:copy>
+			<xsl:apply-templates select="@*|node()" />
+			<permissions>
+				<mode>0755</mode>
+			</permissions>
+		</xsl:copy>
+	</xsl:template>
+
+</xsl:stylesheet>
diff --git a/configure/sshd.conf b/configure/sshd.conf
index 61b55a2..08f27e3 100644
--- a/configure/sshd.conf
+++ b/configure/sshd.conf
@@ -4,3 +4,5 @@ Match User lewis
 	AuthorizedPrincipalsFile /etc/ssh/lewis_principals
 	ChrootDirectory /kvm/data
 	ForceCommand internal-sftp
+	AllowTcpForwarding no
+	X11Forwarding no