> Kinda surprised this didn't generate some immediate discussion... I
> would also think that if you had a desire to change defaults you'd also
> have a libvirt.spec.in adjustment...
Actually no it doesn't - the spec file is already marking
/var/lib/libvirt/images as 0711.
> Still 0755 or umask(022) seem to be fairly prevalent setting and having
> the <mode> for the XML to be able to override a default certainly gives
> credence to arguments in either direction whether or not to change the
> defaults.
>
> It's been a long while since I considered system/directory/file security
> things, but I have this faint recollection of some strange issue when
> not having world or group "executable" as a default.
The fact that RPM spec ships with 0711 show that it works ok. So I
think this change is reasonable.