Description of problem:
If I run virt-manager, I can list and manage my guests. If I run virsh, I also can do it, but only if I specify '-c qemu:///system'

But that should be the default already, according to:

$ sudo tail /etc/libvirt/libvirt.conf
#uri_aliases = [
#  "hail=qemu+ssh://root.example.com/system",
#  "sleet=qemu+ssh://root.example.com/system",
#]
#
# This can be used to prevent probing of the hypervisor
# driver when no URI is supplied by the application.
uri_default = "qemu:///system"

----

@localhost ~]$ LANG=C virsh list --all
 Id    Name                           State
----------------------------------------------------

@localhost ~]$ LANG=C virsh -c qemu:///system list --all
 Id    Name                           State
----------------------------------------------------
 4     centos7-1                      running
 -     centos7-2                      shut off
 -     rhel5.8                        shut off

Copying /etc/libvirt/libvirt.conf to ~/.config/libvirt/libvirt.conf, the file is read by virsh and it uses the default value (confirmed using strace).

I noticed this:

drwx------. 5 root root 4096 Abr  5 15:27 /etc/libvirt/

but just allowing access to it is not enough, something else seems to be missing. On strace I don't even see it trying to access this dir/file, only the one under $HOME.

Version-Release number of selected component (if applicable):
libvirt-client-1.2.18.2-2.fc23.x86_64
libvirt-daemon-1.2.18.2-2.fc23.x86_64

How reproducible:
Always

Steps to Reproduce:
As above

Actual results:
Missing default values from config file

Expected results:
NOT missing default values from config file

Additional info:
I'm using this:

/etc/polkit-1/localauthority/50-local.d/mrl-libvirt.pkla
[mrl libvirt access]
Identity=unix-user:mrl
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes

for password-less use.
That config file is used as root. If you are a non-root user you should be using $HOME/.config/libvirt/libvirt.conf
Why is that so? It doesn't really follow the standards, especially because then there is no way to have system-wide defaults for all users.
The /etc/libvirt directory is not even readable by unprivileged users as it contains files with security sensitive information, so there's no possibility of reading the config file from there as a non-root user.
That's one of the points on the report. The files that may have security sensitive information could be restricted but the directory itself doesn't need to be, as, unlike its subfolders, no random new files seem to be expected in there. And it doesn't exclude the possibility to move the file to outside of it, of course. But come on, that's an implementation detail. Let's focus on the concepts first, shall we? Why does root have a different default than other users? Not using the same default is not adding any extra security to it. Why doesn't libvirt want to allow a global default file for all users?
We could possibly enable read permissions on libvirtd.conf, but we can't on qemu.conf, since it can contain security sensitive info like a default vnc/spice password. Enabling access for one file and not the other would be problematic, so it's not a simple fix. That said, I agree that it would be nice to have a way to share config across system and session daemons, but it will take some work or a new directory to enable it. Moving to the upstream tracker.
Update path can be complicated, but filesystem-wise it should be possible to have qemu.conf with perms 0600. Like iscsi stuff:

$ ls -la /etc/iscsi/
total 32
drwxr-xr-x.   2 root root  4096 Nov 16 11:10 .
drwxr-xr-x. 164 root root 12288 Abr 11 07:58 ..
-rw-r--r--.   1 root root    49 Mai 21  2015 initiatorname.iscsi
-rw-------.   1 root root 11853 Nov  3 23:11 iscsid.conf
$ cat /etc/iscsi/iscsid.conf
cat: /etc/iscsi/iscsid.conf: Permission denied

Thanks for moving this forward.
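Added example, not part of the thread and not libvirt code: a shell check for the layout proposed above (directory open to other users, owner-only file for secrets). It shows why the update path matters: a qemu.conf left at 0644 is protected only while the directory stays 0700. The function names and the sample directory are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not libvirt code). Assumes GNU coreutils stat (-c).

# perm_bits PATH MASK -> prints (octal mode & octal MASK) as a decimal number
perm_bits() {
    mode=$(stat -L -c '%a' "$1") || return 2
    echo $(( 0$mode & 0$2 ))
}

# audit_conf_dir DIR SENSITIVE_NAME...
# Returns 0 if no listed file is reachable by group/other, 1 otherwise.
audit_conf_dir() {
    dir=$1; shift
    # No group/other search bit: nothing inside can be opened by other users.
    if [ "$(perm_bits "$dir" 011)" -eq 0 ]; then
        echo "OK   $dir is closed to group/other; the directory is the guard"
        return 0
    fi
    rc=0
    for name in "$@"; do
        f=$dir/$name
        [ -e "$f" ] || continue
        # Directory is open, so the file's own mode is now the only guard.
        if [ "$(perm_bits "$f" 077)" -ne 0 ]; then
            echo "FAIL $f is accessible to group/other (mode $(stat -L -c '%a' "$f"))"
            rc=1
        else
            echo "OK   $f is owner-only"
        fi
    done
    return $rc
}

# Constructed sample layout in a temp dir; file names mirror the thread.
demo() {
    d=$(mktemp -d) || return 2
    printf 'uri_default = "qemu:///system"\n' > "$d/libvirt.conf"
    printf '# constructed placeholder for a file holding a secret\n' > "$d/qemu.conf"
    chmod 644 "$d/libvirt.conf" "$d/qemu.conf"
    chmod 700 "$d"; audit_conf_dir "$d" qemu.conf && before=0 || before=$?
    chmod 755 "$d"; audit_conf_dir "$d" qemu.conf && opened=0 || opened=$?
    chmod 600 "$d/qemu.conf"; audit_conf_dir "$d" qemu.conf && fixed=0 || fixed=$?
    rm -rf "$d"
    echo "before=$before opened=$opened fixed=$fixed"
}
demo
```

Run against a real configuration directory as `audit_conf_dir /etc/libvirt qemu.conf` before and after changing the directory mode; a FAIL line means the file mode has to be tightened first.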
Closing this since the daemons are intentionally using separate configurations and mixing them does not make sense.