Xen
===
To manage xen domains with libvirt you have to set:

    (xend-unix-server yes)

in /etc/xen/xend-config.sxp.

For xend HTTP access (not recommended) you also have to set:

    (xend-http-server yes)
    # only allow access from localhost:
    (xend-address localhost)

Note that *every* user on the system has access to xend then. It is better
to use libvirtd to access xen with unprivileged users and add the users to
the "libvirt" group (see "Access Control" below).

Debugging
=========
Use LIBVIRT_DEBUG=1 to enable libvirt's debugging output, e.g.:

    LIBVIRT_DEBUG=1
    export LIBVIRT_DEBUG
    virt-manager

The default NAT network
=======================
To ease network configuration libvirt defines a NATed network named "default".
VMs using this network end up in 192.168.122.1/24 and DHCP is provided to them
via dnsmasq. This network is not automatically started. To start it use:

    virsh net-start default

To make the default network start automatically use:

    virsh net-autostart default

In order for things to work this way you need to have the recommended packages
dnsmasq-base, bridge-utils and iptables installed.

You don't need the package dnsmasq. However, if you install it, Debian's
default dnsmasq needs to be adjusted slightly to interoperate with libvirtd:

    cat <<EOF >/etc/dnsmasq.d/00_libvirtd.conf
    # only bind to loopback by default
    interface=lo
    bind-interfaces
    EOF

This makes dnsmasq only bind to the loopback interface by default so libvirtd
can handle the virtual bridges.

Access Control
==============
Access to the libvirt socket is controlled by membership in the "libvirt"
group. If you want to manage VMs as a non-root user you need to add that user
to the group.

QEMU/KVM: Dropping Capabilities
===============================
Network interfaces of type "ethernet" use a script like /etc/qemu-ifup to set
up the network device. In order to make this work you need to set
"clear_emulator_capabilities" to "0" in /etc/libvirt/qemu.conf since you need
CAP_NET_ADMIN.
This used to be the default prior to 0.8.1 in the Debian package.

 -- Guido Günther Mon, 12 Jul 2010 19:58:35 +0200
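
The settings discussed above (xend HTTP access, clear_emulator_capabilities and
"libvirt" group membership) can be reviewed with a short script. This is an
added example, not part of the Debian package; the function names and the
sample files in demo() are constructed, and the files to check are passed as
arguments.

```shell
#!/bin/sh
# Added example, not from the libvirt package: report the settings this
# README flags. File paths are arguments so the checks can run on copies.

# Value of "(KEY value)" in an sxp file; commented-out lines are skipped.
# Assumption: if a key appears more than once, the last one is reported.
sxp_get() {  # usage: sxp_get KEY FILE
    sed -n "s/^[[:space:]]*($1[[:space:]][[:space:]]*\([^)]*\)).*/\1/p" "$2" |
        tr -d "'\"" | tail -n 1
}

check_xend() {  # usage: check_xend XEND_CONFIG
    [ "$(sxp_get xend-http-server "$1")" = "yes" ] || return 0
    echo "WARN: xend-http-server is enabled; every user on the system can reach xend"
    addr=$(sxp_get xend-address "$1")
    case "$addr" in
        localhost|127.0.0.1) ;;
        *) echo "WARN: xend-address is '${addr:-unset}', not localhost" ;;
    esac
}

# Accepts both 'clear_emulator_capabilities = 0' and the quoted form "0".
check_qemu() {  # usage: check_qemu QEMU_CONF
    v=$(sed -n 's/^[[:space:]]*clear_emulator_capabilities[[:space:]]*=[[:space:]]*"\{0,1\}\([0-9][0-9]*\).*/\1/p' "$1" |
        tail -n 1)
    if [ "$v" = "0" ]; then
        echo "WARN: clear_emulator_capabilities = 0; the emulator keeps its capabilities"
    fi
}

# Supplementary members of the "libvirt" group in a group(5)-format file
# (users whose primary group is libvirt are not listed there).
libvirt_members() {  # usage: libvirt_members GROUP_FILE
    awk -F: '$1 == "libvirt" { print $4 }' "$1" | tr ',' '\n' | sed '/^$/d'
}

demo() {  # constructed sample files, not taken from a real host
    d=$(mktemp -d) || return 1
    printf '%s\n' '#(xend-http-server no)' '(xend-unix-server yes)' \
        '(xend-http-server yes)' "(xend-address '')" > "$d/xend-config.sxp"
    printf '%s\n' '# clear_emulator_capabilities = 1' \
        'clear_emulator_capabilities = 0' > "$d/qemu.conf"
    printf '%s\n' 'root:x:0:' 'libvirt:x:118:alice,bob' > "$d/group"
    check_xend "$d/xend-config.sxp"; check_qemu "$d/qemu.conf"
    echo "libvirt group members (can use the libvirt socket):"
    libvirt_members "$d/group" | sed 's/^/  /'
    rm -rf "$d"
}
demo
```

On a real host the functions would be called with /etc/xen/xend-config.sxp,
/etc/libvirt/qemu.conf and /etc/group.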