Re: [libvirt-users] libvirtd via unix socket using system uri

On Tue, 30 Apr 2019 at 16:43, Michal Privoznik <mprivozn(a)redhat.com&gt; wrote: - You will definitely want to use qemu:///system if your VMs are acting as servers. VM autostart on host boot only works for 'system' [Yes, my VMs are acting as servers] - the root libvirtd instance has necessary permissions to use proper networkings via bridges or virtual networks. [Yes, I use OVS, with quite a complex bridge+VLAN system configured at boot] - qemu:///session has a serious drawback: [...] the only out of the box network option is qemu's usermode networking, which has nonobvious limitations, so its usage is discouraged. (Source: https://wiki.libvirt.org/page/FAQ#What_is_the_difference_between_qemu:.2F... ) So I have to use /system, according to the FAQ. But it'd be nice to nail the daemon down to reduce the attack surface. - Peter