From b69bdcf77f8240ba8241be12ba2b0ebd55abcb38 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Fri, 29 Dec 2023 23:28:05 -0500 Subject: doc: Fix doc and clarify how to use libvirt as unprivileged user. * doc/guix.texi (Virtualization Services): Document the necessity of being part of the "libvirt" group and augment example. Remove extraneous "(unix-sock-group "libvirt")" from example, as this is now the default value. Update default documented value from "root" to "libvirt". Fixes: https://issues.guix.gnu.org/34611 Reported-by: Brett Gilio Change-Id: I5fe17706f69db55fbd661e0a43115c56d0ffd9a9 --- doc/guix.texi | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index bc04bb8150..3002cdfa13 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -35174,17 +35174,24 @@ services. @subsubheading Libvirt daemon @code{libvirtd} is the server side daemon component of the libvirt -virtualization management system. This daemon runs on host servers -and performs required management tasks for virtualized guests. +virtualization management system. This daemon runs on host servers and +performs required management tasks for virtualized guests. To connect +to the libvirt daemon as an unprivileged user, it must be added to the +@samp{libvirt} group, as shown in the example below. @defvar libvirt-service-type This is the type of the @uref{https://libvirt.org, libvirt daemon}. Its value must be a @code{libvirt-configuration}. @lisp +(users (cons (user-account + (name "user") + (group "users") + (supplementary-groups '("libvirt" + "audio" "video" "wheel"))) + %base-user-accounts)) (service libvirt-service-type (libvirt-configuration - (unix-sock-group "libvirt") (tls-port "16555"))) @end lisp @end defvar @@ -35266,7 +35273,7 @@ UNIX domain socket group ownership. This can be used to allow a 'trusted' set of users access to management capabilities without becoming root. -Defaults to @samp{"root"}. +Defaults to @samp{"libvirt"}. @end deftypevr -- cgit 1.4.1