
libvirtd

Linux Virtualization Management Daemon

LIBVIRTD(8)
System Manager's Manual
libvirtd(8)

NAME

libvirtd - libvirt management daemon

SYNOPSIS

libvirtd [options]

DESCRIPTION

libvirtd is the server side daemon component of the libvirt virtualization management library. It performs the management of virtual machines, networks, and storage pools on the host system.

The daemon listens for requests on a local Unix domain socket and optionally on a TCP socket. Client applications use the libvirt library to talk to the daemon.

OPTIONS

-h, --help
Display program help and exit
-v, --verbose
Enable verbose messages
-d, --daemon
Run as a daemon and write PID file
-l, --listen
Listen for TCP/IP connections
-t, --timeout <secs>
Exit after timeout period (in seconds)
-f, --config <file>
Configuration file to use instead of default
-V, --version
Display version information and exit
-p, --pid-file <file>
Change name of PID file

CONFIGURATION

The daemon can be configured using the configuration file. The default configuration file is:

$XDG_CONFIG_HOME/libvirt/libvirtd.conf

XDG Base Directory Specification

libvirtd follows the XDG Base Directory Specification, a standard that defines where applications should store configuration, runtime, and data files. This ensures consistent behavior across Linux distributions and desktop environments.

XDG_CONFIG_HOME

$XDG_CONFIG_HOME specifies the base directory for user-specific configuration files. If not set, it defaults to $HOME/.config.

What this means for libvirtd:

  • Your personal libvirt configuration lives in $HOME/.config/libvirt/
  • This keeps your VM settings separate from system-wide configs
  • Allows per-user customization without affecting other users
  • Makes it easy to backup and sync your VM configurations

XDG_RUNTIME_DIR

$XDG_RUNTIME_DIR is a directory for user-specific runtime files like sockets, PID files, and temporary data. It's typically /run/user/<uid> and is cleaned up when you log out.

What this means for libvirtd:

  • Unix domain sockets are created in /run/user/<uid>/libvirt/
  • These sockets enable communication between libvirt tools and the daemon
  • PID files track the daemon process for system management
  • Runtime files are automatically cleaned up when you log out

Configuration File Example

Here's a basic /etc/libvirt/libvirt.conf configuration file with explanations:

#
# libvirt.conf - Main libvirt configuration file
# This file controls how libvirt tools connect to hypervisors
#

# URI Aliases - Create shortcuts for frequently used connections
# These let you use 'virsh -c hail' instead of typing the full URI
uri_aliases = [
  "hail=qemu+ssh://[email protected]/system",
  "sleet=qemu+ssh://[email protected]/system",
  "local=qemu:///system",
  "session=qemu:///session"
]

# Default URI - Used when no connection is specified
# 'qemu:///system' = local system VMs (requires root)
# 'qemu:///session' = user session VMs (no root needed)
uri_default = "qemu:///system"

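# Authentication - How the daemon authenticates clients on each socket
# (the auth_* keys and TLS file paths below are daemon settings, read from libvirtd.conf)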
auth_unix_ro = "polkit"    # Read-only access via polkit
auth_unix_rw = "polkit"    # Read-write access via polkit
auth_tcp = "sasl"          # TCP connections use SASL
auth_tls = "sasl"          # TLS connections use SASL

# Key files for TLS connections
key_file = "/etc/pki/libvirt/private/serverkey.pem"
cert_file = "/etc/pki/libvirt/servercert.pem"
ca_file = "/etc/pki/libvirt/cacert.pem"

Configuration Explained

URI Aliases

These create shortcuts for complex connection strings. Instead of typing:

virsh -c qemu+ssh://[email protected]/system list

You can simply use:

virsh -c hail list

Connection Types

  • qemu:///system - Local system VMs (requires root privileges)
  • qemu:///session - User session VMs (no root needed)
  • qemu+ssh:// - Remote VMs via SSH
  • qemu+tls:// - Remote VMs via TLS encryption

Authentication Methods

  • polkit: Uses PolicyKit for local authentication
  • sasl: Simple Authentication and Security Layer for remote connections
  • none: No authentication (not recommended for production)
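
A check for the settings above, as an added example that is not part of the original page or the libvirt project: it flags any auth_* key set to "none" and a key_file readable by group or others. The function names conf_get and audit_libvirtd_conf, and the sample config written to a temporary directory, are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit auth_* and key_file settings; names and sample are constructed.
# Print the unquoted value of key $1 in config file $2 (last assignment wins).
conf_get() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }                  # whole-line comment
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)      # trailing "# ..." comment
            eq = index(line, "="); if (eq == 0) next
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/[ \t]/, "", k)
            sub(/^[ \t]*"?/, "", v); sub(/"?[ \t]*$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$2"
}

# Print one finding per line; exit status 1 if anything was flagged.
audit_libvirtd_conf() {
    conf=$1; findings=""; nl='
'
    for key in auth_unix_ro auth_unix_rw auth_tcp auth_tls; do
        if [ "$(conf_get "$key" "$conf")" = "none" ]; then
            findings="${findings}WEAK ${key}=none${nl}"
        fi
    done
    keyfile=$(conf_get key_file "$conf")
    if [ -n "$keyfile" ] && [ -e "$keyfile" ]; then
        # Characters 5-10 of "ls -ld" are the group and other permission bits.
        bits=$(ls -ldL "$keyfile" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            findings="${findings}PERM key_file group/other bits: ${bits}${nl}"
        fi
    fi
    printf '%s' "$findings"
    [ -z "$findings" ]
}

# Constructed sample: TCP left unauthenticated, private key world-readable.
demo_dir=$(mktemp -d)
: > "$demo_dir/serverkey.pem"; chmod 644 "$demo_dir/serverkey.pem"
cat > "$demo_dir/libvirtd.conf" <<EOF
auth_unix_rw = "polkit"    # Read-write access via polkit
auth_tcp = "none"
key_file = "$demo_dir/serverkey.pem"
EOF
audit_libvirtd_conf "$demo_dir/libvirtd.conf" || echo "review the findings above"
rm -rf "$demo_dir"
```

The non-zero exit status on findings lets the check gate a configuration-management run or CI job.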

Default Paths

Configuration file (unless overridden by -f):
$XDG_CONFIG_HOME/libvirt/libvirtd.conf
User-specific daemon configuration
Sockets:
$XDG_RUNTIME_DIR/libvirt/libvirt-sock
Unix domain socket for local communication
TLS Certificates:
  • CA certificate: $HOME/.pki/libvirt/cacert.pem
    Certificate Authority for verifying server certificates
  • Server certificate: $HOME/.pki/libvirt/servercert.pem
    Server's public certificate for TLS connections
  • Server private key: $HOME/.pki/libvirt/serverkey.pem
    Server's private key for TLS connections
PID file (unless overridden by -p):
$XDG_RUNTIME_DIR/libvirt/libvirtd.pid
Process ID file for daemon management

EXAMPLES

Start libvirtd as a daemon:

libvirtd -d

Start with verbose output and custom config:

libvirtd -v -f /etc/libvirt/libvirtd.conf

Start with TCP listening enabled:

libvirtd -l -d

VIRTUAL MACHINE MANAGEMENT

libvirtd manages virtual machines through various hypervisors:

  • QEMU/KVM: Full virtualization on x86_64 and other architectures
  • Xen: Paravirtualization and full virtualization
  • LXC: Linux containers
  • OpenVZ: Container-based virtualization

Common Commands

VM Management

virsh list --all
virsh start <domain>
virsh shutdown <domain>
virsh destroy <domain>

Network Management

virsh net-list --all
virsh net-start <network>
virsh net-destroy <network>

Storage Management

virsh pool-list --all
virsh vol-list <pool>
virsh pool-start <pool>

NETWORKING

libvirtd provides several networking options:

  • NAT: Network Address Translation for VM internet access
  • Bridge: Direct bridge to physical network interface
  • Routed: Static routing for VM networks
  • Isolated: Internal-only networks

STORAGE

Storage pools can be configured for various backends:

  • Directory: File-based storage in directories
  • LVM: Logical Volume Manager volumes
  • NFS: Network File System shares
  • iSCSI: Internet Small Computer Systems Interface

SECURITY

libvirtd implements several security features:

  • SELinux: Mandatory access control integration
  • AppArmor: Application-level access control
  • TLS: Encrypted communication channels
  • Authentication: SASL and polkit integration

LOGGING

Logging can be configured through the configuration file. Common log levels:

  • 1: Errors only
  • 2: Warnings and errors
  • 3: Information, warnings, and errors
  • 4: Debug information

FILES

/etc/libvirt/libvirtd.conf
Main configuration file
/var/run/libvirt/libvirt-sock
Unix domain socket
/var/log/libvirt/libvirtd.log
Log file
/var/run/libvirt/libvirtd.pid
PID file

SEE ALSO

virsh(1), virt-manager(1), libvirt(3), libvirtd.conf(5)

BUGS

Please report bugs to the libvirt mailing list: [email protected]

AUTHOR

libvirtd was written by the libvirt project team.

COPYRIGHT

Copyright © 2006-2024 Red Hat, Inc. and others. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.