21 - 12 - 2024

VNC socket with Libivrt incorrect permissions

We you are using libvirt with VNC based on sockets instead of default TCP listening and you are not running as root. You could have an situation when socket has incorrect permissions 0775 and qemu:qemu group under default /var/lib/libvirt/qemu folder. The files has extension ".vnc" with suffix based on your Virtual Machine name and "=" sign.

Unix sockets are forced by "vnc_auto_unix_socket" in qemu.conf file, in /etc/libvirt folder.

The params from libvirtd.conf unix_sock_rw_perms and unix_sock_ro_perms, had no impact on the VNC socket permissions.

To change the VNC group permissions set:

/etc/libvirt/qemu.conf

# The group for QEMU processes run by the system instance. It can be
# specified in a similar way to user.
group = "users"
This will allow users from group "users" to open the socket.