I may have stumbled onto a partial workaround through experimenting with
the `append` attribute.
It appears that if something like the following XML is used:
<serial type='file'>
  <source path='/home/testuser/vagrant-libvirt/logfiles/test.log'
          append='on'/>
  <target port='0'/>
</serial>
<console type='file'>
  <source path='/home/testuser/vagrant-libvirt/logfiles/test.log'
          append='on'/>
  <target type='serial' port='0'/>
</console>
Combined with creating and truncating the target file in the code before
sending the XML, I get the desired behaviour, in that it appears libvirt
doesn't attempt to remove and recreate the file, and the file remains with
the original user/group ownership.
It's possible I may need to add a seclabel back onto it to cause ownership
to switch to root while the VM is running and I assume it'll restore it
back to the original owner/group subsequently. I'm guessing the reason it
didn't appear to be doing that is the file was being recreated by libvirt
as root and then when started the seclabel would change the owner/group.
Subsequently the destroy would restore the ownership back to root.
Obviously it might be better if I switched to sending to a named pipe or a
TCP server. It's not clear if either of those makes it easier for a console
to be accessible while still logging the output.
--
Darragh Bailey
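The two variants discussed in this thread (the `append='on'` workaround above, which relies on the log file being created and truncated in place before the XML is sent, and the DAC seclabel from the original message below) as an added example in Python; this is not code from vagrant-libvirt or libvirt, and the file-handling helper assumes Linux semantics for O_NOFOLLOW:

```python
import os
import stat
import xml.etree.ElementTree as ET

# Assumption: refuse to follow a symlink at the log path (Linux O_NOFOLLOW).
O_NOFOLLOW = getattr(os, "O_NOFOLLOW", 0)


def prepare_log_file(path, mode=0o600):
    """Create `path` if missing, otherwise truncate it in place.

    Truncating the existing inode (rather than unlinking and recreating)
    keeps the current owner/group and mode, which is what lets append='on'
    do its job: libvirt appends to the file instead of replacing it.
    Returns the (uid, gid, mode) the file has after the call.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | O_NOFOLLOW
    fd = os.open(path, flags, mode)  # `mode` only applies when creating
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise ValueError(f"{path} is not a regular file")
        return st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode)
    finally:
        os.close(fd)


def console_log_xml(path, dac_label=None):
    """Build the <serial>/<console> elements that log the console to `path`.

    `dac_label` (e.g. '+1002:+1002') optionally adds the dynamic DAC
    seclabel from the original message to the <serial> source, so both
    variants from the thread can be generated and compared.
    """
    devices = ET.Element("devices")
    for tag, target in (("serial", {"port": "0"}),
                        ("console", {"type": "serial", "port": "0"})):
        dev = ET.SubElement(devices, tag, type="file")
        src = ET.SubElement(dev, "source", path=path, append="on")
        if dac_label and tag == "serial":
            sec = ET.SubElement(src, "seclabel", type="dynamic",
                                model="dac", relabel="yes")
            ET.SubElement(sec, "label").text = dac_label
        ET.SubElement(dev, "target", **target)
    return ET.tostring(devices, encoding="unicode")
```

Call `prepare_log_file()` as the unprivileged user before defining the domain, then splice the returned elements into the domain's `<devices>` section; the returned tuple can be re-checked after `destroy` to confirm ownership survived.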
On Fri, 18 Nov 2022 at 13:26, Darragh Bailey <daragh.bailey(a)gmail.com>
wrote:
Hi,
I'm generating some domain XML to have the serial console output sent to a
file for subsequent debug after the domain is no longer running. I'm
noticing that the file ends up being owned by root with permissions of 600.
I expected that it would need to be owned by root when the VM was running
using the qemu:///system URI for security purposes, however I had hoped
there would be a way to reset the owner and group back to the original
values on destroy.
Is this possible? I had hoped there might be something similar to what is
possible with the permissions element for storage pools.
I started experimenting with adding seclabel child elements to the serial
element, but it seems to only affect ownership while the domain is running,
and when it is destroyed it still ends up being owned by root.
Creating the domain with the following serial/console elements:
<serial type='file'>
  <source path='/home/testuser/vagrant-libvirt/logfiles/test.log'>
    <seclabel type='dynamic' model='dac' relabel='yes'>
      <label>+1002:+1002</label>
    </seclabel>
  </source>
  <target port='0'/>
</serial>
<console type='file'>
  <source path='/home/testuser/vagrant-libvirt/logfiles/test.log'/>
  <target type='serial' port='0'/>
</console>
I've tried experimenting with a couple of different values but without
success. It appears to only change the user/group the file is set to while
the domain is running, and sets it to root when the VM is destroyed,
instead of returning it to the original user.
Is there any way with libvirt to have the file owned by the user after the
VM is destroyed (doesn't matter if it's owned by root at runtime), when
connecting using qemu:///system?
--
Darragh Bailey