libvirtd — Libvirt Daemon (Legacy Central Virtualization Daemon)

Overview

libvirtd is the system daemon for libvirt, responsible for managing virtualization hosts and hypervisors (e.g., QEMU/KVM, Xen, LXC). It exposes a high-level API and remote protocol to control and automate virtual machines, networks, storage, and more.

Deprecated: As of libvirt 9.0 (2023), libvirtd is deprecated and has been split into modular daemons like:

  • virtqemud

  • virtlogd

  • virtproxyd

  • virtnetworkd, etc.

But it’s still widely used in existing Linux distributions.


Responsibilities of libvirtd

Feature
Description

Hypervisor Integration

Interacts with QEMU, KVM, LXC, Xen, etc. via driver plugins.

VM Lifecycle Management

Start, stop, pause, resume, reboot, and destroy virtual machines.

Storage Management

Create/delete volumes and pools, attach storage.

Network Management

Set up virtual NAT, bridges, and isolated networks.

Security

Applies SELinux, AppArmor, sVirt isolation rules.

Remote Access

Exposes TCP/TLS/SSH sockets for remote control (qemu+ssh, etc.).

Authentication

Supports UNIX sockets, SASL, TLS certificates for secure access.


Service and Socket Management

Systemd Units

systemctl status libvirtd.service
systemctl enable libvirtd.service
systemctl restart libvirtd.service

Also includes:

libvirtd.socket         # UNIX socket for local connections
libvirtd-ro.socket      # Read-only socket
libvirtd-admin.socket   # Administrative operations

Configuration Files

File
Purpose

/etc/libvirt/libvirtd.conf

Core daemon settings (logging, sockets, etc.)

/etc/sysconfig/libvirtd (RPM)

Environment variables for daemon (old distros)

/etc/libvirt/qemu.conf

QEMU/KVM specific settings


Key libvirtd.conf Options

listen_tls = 1
listen_tcp = 1
auth_unix_rw = "polkit"
unix_sock_group = "libvirt"
unix_sock_rw_perms = "0770"

Use virt-manager, virsh, or custom clients to interact with libvirtd.


Logging and Debugging

Enable debug mode:

LIBVIRT_DEBUG=1 LIBVIRT_LOG_OUTPUTS=1:file:/tmp/libvirt.log virsh list

Or increase verbosity in /etc/libvirt/libvirtd.conf:

log_level = 1
log_outputs="1:file:/var/log/libvirt/libvirtd.log"

Then:

systemctl restart libvirtd

Replacement in Modern Setups

Old (libvirtd)

New (modular daemons)

libvirtd

virtqemud, virtlogd, virtproxyd, etc.

/var/run/libvirtd/

/run/libvirt/qemu/, /run/libvirt/virtqemud/

You can switch to modular mode by stopping libvirtd and enabling individual daemons:

systemctl disable libvirtd
systemctl enable virtqemud virtlogd virtnetworkd

Remote Access

Enable remote TCP/TLS connections:

  1. In /etc/libvirt/libvirtd.conf:

listen_tcp = 1
listen_tls = 1
auth_tcp = "sasl"
  1. In /etc/default/libvirtd or systemd override:

LIBVIRTD_ARGS="--listen"

Then:

systemctl restart libvirtd

Connect using:

virsh -c qemu+ssh://user@host/system

Summary

Component
Purpose

libvirtd

Main legacy libvirt daemon

Manages

VMs, networks, storage, hypervisor APIs

Interface

Sockets (UNIX/TCP), RPC protocol

Security

SELinux, TLS, SASL, UNIX auth

Status

Deprecated in favor of modular daemons


Let me know if you'd like a guide to migrating from libvirtd to modular daemons, configuring remote access securely, or benchmarking libvirt vs. competitors like virt-manager, cockpit, xen-tools, or VBoxManage.

Last updated