qemu-kvm and libvirt


Running anything as root always has security implications, and libvirt is no exception. Therefore make sure you have your user set in /etc/libvirt/qemu.conf:

# /etc/libvirt/qemu.conf
user  = "max"
group = "kvm"

This implies that your virtual machines are accessible by the defined user and group as well. With libvirtd they usually live under /var/lib/libvirt/images, where you can mount anything.
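
One way to check this setting on a host, as an added example that is not part of the original page: the script reads the last uncommented user and group assignments from a qemu.conf and flags values that are root or missing. The function names and the sample file are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit the account libvirt's qemu driver is configured to use.
# qemu_conf_value and check_qemu_account are hypothetical helper names.

# Print the last uncommented KEY = "value" assignment in FILE (empty if none).
qemu_conf_value() {
  sed -n -E "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"([^\"]*)\".*/\1/p" "$2" | tail -n 1
}

# Return 0 if user and group are both set to a non-root account,
# 1 if either one is root or not set, 2 if FILE cannot be read.
check_qemu_account() {
  [ -r "$1" ] || { echo "cannot read $1"; return 2; }
  rc=0
  for key in user group; do
    val=$(qemu_conf_value "$key" "$1")
    case "$val" in
      "")        echo "$key: not set (libvirt uses its build-time default)"; rc=1 ;;
      root|0|+0) echo "$key: $val (root)"; rc=1 ;;
      *)         echo "$key: $val" ;;
    esac
  done
  return "$rc"
}

# Constructed sample file: a commented-out default followed by the
# settings shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#user = "root"
user  = "max"
group = "kvm"
EOF
check_qemu_account "$sample"; echo "exit status: $?"
rm -f "$sample"
```

On a real host, call check_qemu_account /etc/libvirt/qemu.conf instead of the sample file.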

manually call qemu with kvm

You can use this script to start virtual machines manually with many features enabled. The disable-ticketing option lets SPICE clients connect without a password.

#!/bin/bash
# $1 = disk image, $2 = cdrom image
# generate a random mac-address...
MAC=$(printf 'DE:AD:BE:EF:%02X:%02X' $((RANDOM%256)) $((RANDOM%256)))
# prepare qemu-kvm-command...
# (the binary name qemu-kvm is assumed from the comment above; some
# distributions ship it as qemu-system-x86_64 -enable-kvm instead)
CMD="qemu-kvm \
  $(: hardware-profile) \
  -cpu host \
  -smp 4 \
  -m 4G \
  -clock unix \
  -soundhw pcspk,ac97 \
  -drive index=0,if=virtio,cache=none,file=$1 \
  -drive index=0,if=scsi,media=cdrom,file=$2 \
  $(: enable usb2.0 support) \
  -readconfig /etc/qemu/ich9-ehci-uhci.cfg \
  $(: use spice as display and hid device driver) \
  -spice port=5930,disable-ticketing \
  -vga qxl \
  -device qxl \
  -device virtio-serial-pci \
  -device virtserialport,chardev=spicechannel0,name=com.redhat.spice.0 \
  -device usb-redir,chardev=usbredirchardev1,id=usbredirdev1,debug=3 \
  -device usb-redir,chardev=usbredirchardev2,id=usbredirdev2,debug=3 \
  -device usb-redir,chardev=usbredirchardev3,id=usbredirdev3,debug=3 \
  -device usb-redir,chardev=usbredirchardev4,id=usbredirdev4,debug=3 \
  -chardev spicevmc,id=spicechannel0,name=vdagent \
  -chardev spicevmc,name=usbredir,id=usbredirchardev1 \
  -chardev spicevmc,name=usbredir,id=usbredirchardev2 \
  -chardev spicevmc,name=usbredir,id=usbredirchardev3 \
  -chardev spicevmc,name=usbredir,id=usbredirchardev4 \
  $(: allow rdp and/or virtual network using interface tap0) \
  -net nic,vlan=0,model=virtio,name=network-rdp-interface,macaddr=$MAC \
  -net user,vlan=0,net=,hostfwd=tcp::3389-:3389 \
  -net tap,vlan=0,ifname=tap0 \
  $(: create another network interface card to connect with a virtual samba-server) \
  -net nic,vlan=1,model=virtio,name=network-virtual-integrated-samba-share-link \
  -net user,vlan=1,smb=/mnt/anubis/nfs4/mnt/dvs/app/data/ \
  $(: enable monitoring of the running client) \
  -balloon virtio \
  -monitor telnet:,server,nowait \
"
# display command...
echo $CMD
# execute command (in the background, so the viewer can be started next)...
$CMD &
# execute remote-viewer to display guest.
remote-viewer spice://localhost:5930 &

ich9-ehci-uhci.cfg, spice-space.org, samba

Read things like $(: enable usb2.0 support) as comments (bash does!): the command substitution runs the no-op builtin : and expands to nothing.


virsh does not start virtual machine with Error: Machine 'XYZ' already exists

This was a bug, but if your machine has run into this problem and you want to avoid a reboot, you can force the shutdown of the not-running process causing the issue with machinectl terminate qemu-xyz. The naming scheme differs slightly from the one we know from virsh; it can be looked up with machinectl list.

USB-Redirection not possible: Permission denied

That might be a polkit issue. I fixed it by creating a file:

polkit.addRule(function(action, subject) {
   if (action.id.indexOf("org.spice-space.lowlevelusbaccess") == 0 && subject.isInGroup("kvm")) {
           return polkit.Result.YES;