
libvirtd

Linux Virtualization Management Daemon

LIBVIRTD(8)
System Manager's Manual
libvirtd(8)

CONFIGURATION

The daemon can be configured using the configuration file. The default configuration file is:

$XDG_CONFIG_HOME/libvirt/libvirtd.conf

XDG Base Directory Specification

libvirtd follows the XDG Base Directory Specification, a standard that defines where applications should store configuration, runtime, and data files. This ensures consistent behavior across Linux distributions and desktop environments.

XDG_CONFIG_HOME

$XDG_CONFIG_HOME specifies the base directory for user-specific configuration files. If not set, it defaults to $HOME/.config.

What this means for libvirtd:

  • Your personal libvirt configuration lives in $HOME/.config/libvirt/
  • This keeps your VM settings separate from system-wide configs
  • Allows per-user customization without affecting other users
  • Makes it easy to backup and sync your VM configurations

XDG_RUNTIME_DIR

$XDG_RUNTIME_DIR is a directory for user-specific runtime files like sockets, PID files, and temporary data. It's typically /run/user/<uid> and is cleaned up when you log out.

What this means for libvirtd:

  • Unix domain sockets are created in /run/user/<uid>/libvirt/
  • These sockets enable communication between libvirt tools and the daemon
  • PID files track the daemon process for system management
  • Runtime files are automatically cleaned up when you log out

Configuration File Example

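Here's a basic configuration example with explanations. The URI aliases and default URI are client settings read from /etc/libvirt/libvirt.conf; the authentication and TLS key file settings are daemon settings and take effect only in libvirtd.conf: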

#
# libvirt.conf - Main libvirt configuration file
# This file controls how libvirt tools connect to hypervisors
#

# URI Aliases - Create shortcuts for frequently used connections
# These let you use 'virsh -c hail' instead of typing the full URI
uri_aliases = [
  "hail=qemu+ssh://[email protected]/system",
  "sleet=qemu+ssh://[email protected]/system",
  "local=qemu:///system",
  "session=qemu:///session"
]

# Default URI - Used when no connection is specified
# 'qemu:///system' = local system VMs (requires root)
# 'qemu:///session' = user session VMs (no root needed)
uri_default = "qemu:///system"

# Authentication - How the daemon authenticates clients
# (this section and the key files below are daemon settings; they belong in libvirtd.conf)
auth_unix_ro = "polkit"    # Read-only access via polkit
auth_unix_rw = "polkit"    # Read-write access via polkit
auth_tcp = "sasl"          # TCP connections use SASL
auth_tls = "sasl"          # TLS connections use SASL

# Key files for TLS connections
key_file = "/etc/pki/libvirt/private/serverkey.pem"
cert_file = "/etc/pki/libvirt/servercert.pem"
ca_file = "/etc/pki/libvirt/cacert.pem"

Configuration Explained

URI Aliases

These create shortcuts for complex connection strings. Instead of typing:

virsh -c qemu+ssh://[email protected]/system list

You can simply use:

virsh -c hail list

Connection Types

  • qemu:///system - Local system VMs (requires root privileges)
  • qemu:///session - User session VMs (no root needed)
  • qemu+ssh:// - Remote VMs via SSH
  • qemu+tls:// - Remote VMs via TLS encryption

Authentication Methods

  • polkit: Uses PolicyKit for local authentication
  • sasl: Simple Authentication and Security Layer for remote connections
  • none: No authentication (not recommended for production)
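The following is an added example, not part of the original page or of libvirt itself: a small audit that reads the simple key = "value" settings shown above, flags any auth_* setting left at "none", and flags a TLS private key file that group or other users can access. The function names and the sample input are constructed for illustration.

```python
import os
import re
import stat
import tempfile

AUTH_KEYS = ("auth_unix_ro", "auth_unix_rw", "auth_tcp", "auth_tls")
LINE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"')  # matches: key = "value"

def parse_conf(text):
    """Return {key: value} for key = "value" lines; comments and list entries are skipped."""
    settings = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def audit(settings):
    """Return findings for unauthenticated sockets and a loosely permissioned key file."""
    findings = []
    for key in AUTH_KEYS:
        if settings.get(key) == "none":
            findings.append(f'{key} = "none": no authentication is performed on this socket')
    key_path = settings.get("key_file")
    if key_path and os.path.exists(key_path):
        mode = stat.S_IMODE(os.stat(key_path).st_mode)
        if mode & 0o077:  # any group/other permission bit set
            findings.append(f"{key_path}: mode {mode:o} lets group/other access the private key")
    return findings

def demo():
    """Audit constructed input: auth_tcp set to none and a placeholder key file with mode 0644."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "serverkey.pem")
        with open(key, "w") as f:
            f.write("constructed placeholder, not a real key\n")
        os.chmod(key, 0o644)
        sample = f'''# constructed sample settings
auth_unix_rw = "polkit"
auth_tcp = "none"
auth_tls = "sasl"
key_file = "{key}"
'''
        return audit(parse_conf(sample))

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

To check a real host, pass the contents of the daemon configuration file to parse_conf() and run audit() on the result as a user who can stat the key file.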

Default Paths

Configuration file (unless overridden by -f):
$XDG_CONFIG_HOME/libvirt/libvirtd.conf
User-specific daemon configuration
Sockets:
$XDG_RUNTIME_DIR/libvirt/libvirt-sock
Unix domain socket for local communication
TLS Certificates:
  • CA certificate: $HOME/.pki/libvirt/cacert.pem
    Certificate Authority for verifying server certificates
  • Server certificate: $HOME/.pki/libvirt/servercert.pem
    Server's public certificate for TLS connections
  • Server private key: $HOME/.pki/libvirt/serverkey.pem
    Server's private key for TLS connections
PID file (unless overridden by -p):
$XDG_RUNTIME_DIR/libvirt/libvirtd.pid
Process ID file for daemon management