doc: Fix doc and clarify how to use libvirt as unprivileged user.

* doc/guix.texi (Virtualization Services): Document the necessity of being part of the "libvirt" group and augment example. Remove extraneous "(unix-sock-group "libvirt")" from example, as this is now the default value. Update default documented value from "root" to "libvirt". Fixes: https://issues.guix.gnu.org/34611 Reported-by: Brett Gilio <brettg@posteo.net> Change-Id: I5fe17706f69db55fbd661e0a43115c56d0ffd9a9
2023-12-29 23:28:05 -05:00 · 2023-12-29 23:28:05 -05:00 · b69bdcf77f
parent 1d4db94beb
commit b69bdcf77f
1 changed files with 11 additions and 4 deletions
--- a/doc/guix.texi
+++ b/doc/guix.texi
@ -35174,17 +35174,24 @@ services.
@subsubheading Libvirt daemon

@code{libvirtd} is the server side daemon component of the libvirt
-virtualization management system.  This daemon runs on host servers
-and performs required management tasks for virtualized guests.
+virtualization management system.  This daemon runs on host servers and
+performs required management tasks for virtualized guests.  To connect
+to the libvirt daemon as an unprivileged user, it must be added to the
+@samp{libvirt} group, as shown in the example below.

@defvar libvirt-service-type
 This is the type of the @uref{https://libvirt.org, libvirt daemon}.
 Its value must be a @code{libvirt-configuration}.

@lisp
+(users (cons (user-account
+              (name "user")
+              (group "users")
+              (supplementary-groups '("libvirt"
+                                      "audio" "video" "wheel")))
+             %base-user-accounts))
 (service libvirt-service-type
         (libvirt-configuration
-          (unix-sock-group "libvirt")
          (tls-port "16555")))
@end lisp
@end defvar
@ -35266,7 +35273,7 @@ UNIX domain socket group ownership.  This can be used to allow a
 'trusted' set of users access to management capabilities without
 becoming root.

-Defaults to @samp{"root"}.
+Defaults to @samp{"libvirt"}.

@end deftypevr