Re: [libvirt] [PATCH] Default to qemu:///system if accessible

> On Ubuntu, /etc/libvirt/libvirtd.conf is mode 0644? Should I be > worried about that? A quick glance in there doesn't reveal anything > that I'm uncomfortable disclosing. The /etc/libvirt directory itself should be 0700 though,

since various files under that location include passwords (qemu.conf, secrets/*, qemu/*xml, lxc/*xml, uml/*xml). We don't currently have any passwords in libvirtd.conf itself, but its certainly possible this might change in the future. While it is possible to rely on getting each individual file there to have correct permissions, IMHO it is safer to make the /etc/libvirt directory 0700

> Assuming I can determine that a given user is authorized to manage > the systemwide libvirtd, would you agree that that is the one > they're most likely to want to access? I simply cannot think up a > realistic example use case where someone has this privilege, but > actually wants to access qemu:///session. No, I don't agree. I already mentioned the reasons why it is desirable to run within the user session - SDL, audio, disk permissions, and to add another one gnome-keyring integration for qcow2 passwords which is a future feature we'd like for the secrets driver. IMHO if we are to get better integration into the user's desktop experiance, then having both libvirtd & the VMs running in the user's context, rather than a separate context is key.