Skip to navigationSkip to content
libvirtd docs
Commands

Manual nav

Search `/` or jump with `g` / `G`.

Portal

  • Home manual
  • Command explorer
Foundations6 sections
  • Overview1
  • Installation2
  • Platform1
  • Concepts5
  • Domains2
  • Domain XML2
Subsystems9 sections
  • Identity1
  • Automation2
  • Daemons3
  • virsh3
  • Networking5
  • Storage4
  • Security3
  • Observability2
  • Remote Access1
Operations6 sections
  • Migration2
  • Backup2
  • Performance3
  • Recovery1
  • Troubleshooting2
  • References2

/ search · g top · G quickstart

LIBVIRT-SECURITY(7)03 entries

Security

SELinux, AppArmor, sVirt, and the policy knobs that commonly block guests.

  1. 01
    AppArmor and the sVirt isolation model

    AppArmor and SELinux solve a similar problem for libvirt: they confine the hypervisor and protect guest resources with mandatory access control. sVirt is the broader model that binds guest execution to labeled or profile

    man
  2. 02
    Libvirt access control and privilege boundaries

    Control of the system libvirt URI is close to root equivalent on many hosts. An authorized user can often define devices, attach host paths, alter networks, or influence privileged QEMU execution. Map the boundary Apply

    man
  3. 03
    SELinux, virtd_t, and common denials

    On SELinux enabled hosts, libvirt daemons run in controlled domains such as virtd t. Guest resources often carry svirt labels so the hypervisor can touch only what the policy allows. Why this breaks guest startup The gue

    man