Skip to navigationSkip to content
libvirtd docs
Commands

Manual nav

Search `/` or jump with `g` / `G`.

Portal

  • Home manual
  • Command explorer
Foundations6 sections
  • Overview1
  • Installation2
  • Platform1
  • Concepts5
  • Domains2
  • Domain XML2
Subsystems9 sections
  • Identity1
  • Automation2
  • Daemons3
  • virsh3
  • Networking5
  • Storage4
  • Security3
  • Observability2
  • Remote Access1
Operations6 sections
  • Migration2
  • Backup2
  • Performance3
  • Recovery1
  • Troubleshooting2
  • References2

/ search · g top · G quickstart

guidetroubleshootingReviewed March 6, 2026

Troubleshooting playbook

Use the same order every time: confirm the URI, confirm the socket, identify the owning daemon, then inspect XML or policy. First response Permissions and polkit If root works and an unprivileged operator fails, check lo

troubleshootingsocketspolkitcertificates

Use the same order every time: confirm the URI, confirm the socket, identify the owning daemon, then inspect XML or policy.

First response

BASH
virsh -c qemu:///system uri
systemctl status libvirtd virtqemud virtproxyd
ss -lx | grep -E "libvirt|virtqemud|virtproxyd"
journalctl -u libvirtd -u virtqemud -u virtproxyd -n 150

Permissions and polkit

If root works and an unprivileged operator fails, check local authorization before changing daemon settings.

BASH
id
pkaction | grep -i libvirt
journalctl -b | grep -i polkit

Certificates and remote listeners

For remote access problems, validate the listener and trust chain before you touch guest definitions.

BASH
systemctl status virtproxyd-tls.socket
ss -ltnp | grep 16514
openssl s_client -connect hv-a:16514 -servername hv-a

Always read the XML

virsh dumpxml explains many failures that look like daemon bugs but are really bad paths, missing bridges, or incompatible guest settings.

Related

  • SELinux, virtd_t, and common denials
  • Remote TLS, TCP, and auth basics
  • Files, sockets, and service units

On this page

  • First response
  • Permissions and polkit
  • Certificates and remote listeners
  • Always read the XML