Hubbry Logo
LibvirtLibvirtMain
Open search
Libvirt
Community hub
Libvirt
logo
8 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
Contribute something
Libvirt
Libvirt
Libvirt
View on Wikipedia
from Wikipedia
libvirt
DeveloperRed Hat
Initial releaseDecember 19, 2005; 20 years ago (2005-12-19)[1]
Stable release
12.0.0[2] / 15 January 2026; 22 days ago (15 January 2026)
Repository
Written inC
Operating systemLinux, FreeBSD, Windows, macOS[3]
TypeLibrary
LicenseGNU Lesser General Public License
Websitelibvirt.org Edit this on Wikidata

libvirt is an open-source API, daemon and management tool for managing platform virtualization.[3] It can be used to manage KVM, Xen, VMware ESXi, QEMU and other virtualization technologies. These APIs are widely used in the orchestration layer of hypervisors in the development of a cloud-based solution.

Internals

[edit]
libvirt supports several Hypervisors and is supported by several management solutions

libvirt is a C library with bindings in other languages, notably in Python,[4] Perl,[5] OCaml,[6] Ruby,[7] Java,[8] JavaScript (via Node.js)[9] and PHP.[10] libvirt for these programming languages is composed of wrappers around another class/package called libvirtmod. libvirtmod's implementation is closely associated with its counterpart in C/C++ in syntax and functionality.

Supported Hypervisors

[edit]

User Interfaces

[edit]

Various virtualization programs and platforms use libvirt. Virtual Machine Manager, GNOME Boxes and others provide graphical interfaces. The most popular command line interface is virsh, and higher level tools such as oVirt.[13]

Corporate

[edit]

Development of libvirt is backed by Red Hat,[14] with significant contributions by other organisations and individuals. libvirt is available on most Linux distributions; remote servers are also accessible from Apple Mac OS X and Microsoft Windows clients.[15]

See also

[edit]

References

[edit]

Books

[edit]
  • Warnke, Robert; Ritzau, Thomas. qemu-kvm & libvirt (in German). Norderstedt, Germany: Books on Demand. ISBN 978-3-8370-0876-0.
[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

Libvirt

View on Grokipedia
from Grokipedia
Libvirt is an open-source virtualization management toolkit that provides a unified, stable C API, along with a daemon and tools, for interacting with and managing platform technologies on and other operating systems. Originally initiated in November 2005 by developers at , the project reached its 1.0.0 release in 2012 after years of maturation and is distributed under the GNU Lesser General Public License version 2.1 or later. At its core, libvirt abstracts the complexities of diverse hypervisors—including KVM, Xen, LXC (Linux Containers), OpenVZ, VMware ESX, VirtualBox, Hyper-V, and others—through a driver-based that enables consistent operations like domain creation, migration, and monitoring. Key components include the libvirtd daemon, which handles remote access and resource management via RPC, the virsh command-line interface for scripting and administration, and support for XML-based configuration of virtual machines, networks, and storage pools. The toolkit also offers language bindings for Python, Perl, Go, and more, facilitating integration into applications for automated virtualization orchestration, while emphasizing security features like fine-grained access controls and audit logging.

Overview

Definition and Purpose

Libvirt is an open-source toolkit consisting of an API, daemon, and management tools designed for platform virtualization and management. It serves as a software library that enables consistent interaction with various virtualization technologies through a stable, unified programming interface accessible from languages such as C, Python, Perl, and Go. Licensed under the GNU Lesser General Public License version 2.1 or later, libvirt facilitates secure and efficient oversight of virtualization resources on a single node or remotely. The primary purpose of libvirt is to provide a common for managing virtual machines (VMs), storage pools and volumes, virtual networks, and physical host nodes across diverse hypervisors, including KVM and . This unified interface abstracts the complexities of underlying platforms, allowing administrators and applications to perform operations without needing hypervisor-specific knowledge. Libvirt simplifies key aspects of VM lifecycle management, such as creation, startup, shutdown, migration, and deletion, while also supporting resource monitoring, configuration adjustments, and event handling for efficient operations. By offering these capabilities, it reduces administrative overhead and enhances portability, making it a foundational building block for higher-level management applications and tools. The latest stable release as of November 2025 is version 11.9.0, issued on , 2025.

History

Libvirt originated as a initiated by engineers in late 2005, aimed at creating a standardized to manage diverse platforms and mitigate the challenges posed by fragmented management interfaces across emerging hypervisors. The began with its first commit on November 2, 2005. The project's first public release, version 0.1.0, arrived in 2006, introducing foundational support for domain management through a minimal set of APIs and the virsh command-line tool. This initial version focused on basic operations like domain listing, starting, and stopping, establishing libvirt as an early for -based . Key milestones followed rapidly to broaden compatibility. Version 0.2.0, released in 2006, integrated support for KVM, enabling management of kernel-based virtual machines alongside . By version 0.4.0 in 2007, initial emulation capabilities were added, enhancing flexibility for full-system simulation. Expansion to additional hypervisors occurred between 2008 and 2010, with version 0.6.0 in 2007 introducing container support and version 0.8.0 in 2009 adding VMware ESX integration, allowing libvirt to handle a wider array of environments. From 2011 onward, efforts emphasized API stabilization and robustness. The release of version 1.0.0 on November 2, 2012, represented a significant maturation point, coinciding with libvirt's seventh anniversary and incorporating refined support for multiple hypervisors, including improved 4.2 compatibility and QEMU enhancements. Libvirt's version progression has been consistent, evolving from 0.1.0 in 2006—centered on core hypervisor interactions—to 11.9.0 on November 3, 2025, with ongoing emphases on stability, security, and feature extensions like container management via , which was pioneered in early releases. Originally driven primarily by contributors, libvirt transitioned post-2010 to a more diverse open-source ecosystem, attracting contributions from multiple organizations and independent developers through its mailing lists and repository. Recent developments from 2023 to 2025 have focused on modern architectures and paradigms, including enhanced support—such as the 'pauth' CPU feature in integrations—and advancements in , like SEV launch and SGX enclave handling in versions 8.10.0 and later.

Architecture

Core Components

Libvirt's core architecture revolves around two primary components: the libvirt library and the libvirtd daemon, which together provide a unified interface for management. The libvirt library serves as the foundational C-based , enabling programmatic access to resources through a that incorporates pluggable drivers for various backend technologies, including hypervisors, storage pools, and networks. This modularity allows the library to abstract complex operations into a consistent set of functions, facilitating interactions without direct dependency on specific implementations. The libvirtd daemon acts as the central management process in monolithic mode, responsible for handling (VM) operations, monitoring events, and allocating resources across supported drivers. It can operate in a monolithic fashion using the libvirtd daemon or in modular fashion using separate daemons like virtqemud for each driver. Modular daemons have become the default in recent distributions such as since 2021, and are the recommended approach going forward, providing benefits like improved , better crash resilience, and finer-grained . In system mode, libvirtd runs with root privileges to manage host-wide resources, whereas session mode supports non-privileged, per-user instances for lighter workloads. Event monitoring is achieved through dedicated sockets, allowing real-time notifications on VM state changes, resource usage, and errors. Resource allocation is driver-mediated, with the daemon enforcing policies on CPU, , and I/O to prevent contention and optimize . Key modules within the libvirt library handle essential aspects of virtualization. Domain management oversees the full VM lifecycle, from definition and creation using XML descriptors to runtime operations like suspension, resumption, and destruction, represented through opaque pointers such as virDomainPtr. Node information retrieval provides insights into host resources, including CPU topology, memory availability, and hardware capabilities via connection handles like virConnectPtr. Secret management secures sensitive credentials, such as encryption keys or passwords, by storing and retrieving them through a dedicated driver that supports both system-wide and per-user modes, often integrated automatically with stateful hypervisors. Internally, client applications connect to the libvirtd daemon via socket-based communication, using URIs to specify the connection type (e.g., local UNIX sockets like /var/run/libvirt/libvirt-sock for read-write access). The daemon then proxies requests to appropriate backend drivers, abstracting their specifics and returning standardized results to the client, which ensures portability across different platforms. This flow supports both local and remote access, with read-only sockets for monitoring to minimize security risks. Error handling in libvirt emphasizes flexibility and detail, allowing applications to retrieve comprehensive error information through structures like virErrorPtr, which include codes, domains, levels, and messages tied to specific connections or domains. Synchronous callbacks can be registered for immediate notification, while asynchronous reporting and reset functions enable robust integration in threaded environments. Logging mechanisms are configurable via environment variables in the library (e.g., LIBVIRT_DEBUG for priority levels) and configuration files in the daemon (e.g., log_level in /etc/libvirt/libvirtd.conf), directing outputs to syslog, files, or the systemd journal with filters for categories and priorities to focus on critical events like warnings or errors. These features include crash-time debug buffers to aid troubleshooting, ensuring operational reliability without overwhelming standard logs.

API Design and Daemon

The libvirt provides a unified and stable interface for managing resources across diverse hypervisors, abstracting platform-specific details to enable consistent operations. It exposes key resources such as domains (virtual machines), networks, storage pools, and volumes through objects like virDomainPtr, virNetworkPtr, virStoragePoolPtr, and virStorageVolPtr, allowing users to perform lifecycle management, configuration, and monitoring tasks. This design supports both local access via direct driver connections and remote access through the libvirtd daemon using URIs, ensuring portability and scalability in multi-host environments. The communicates via a custom RPC protocol that facilitates client-server interactions between applications and the libvirt daemon. This protocol operates over TCP for remote connections or Unix domain sockets for local ones, with structured data encoded in XDR format for interoperability and extensibility. is handled externally through SASL for mechanisms like DIGEST-MD5 or GSSAPI, or TLS with x509 certificates for encryption, while the protocol itself focuses on message serialization, including calls, replies, events, and streams, without built-in security to avoid redundancy. Tunneling options, such as over SSH, further enhance secure remote usage. The libvirt daemon, primarily libvirtd in monolithic mode or modular daemons like virtqemud, handles core operations by processing requests and maintaining system state. It employs an using poll(2) to monitor sockets for incoming client messages and domain events, dispatching them to a worker for concurrent handling to ensure responsiveness. For , the daemon supports managed direct and peer-to-peer modes via calls like virDomainMigrate and virDomainMigrateToURI, coordinating VM state transfer across hosts with options for tunnelled over the RPC protocol. Snapshot management is facilitated through the daemon's tracking of virDomainSnapshotPtr objects, using APIs such as virDomainSnapshotCreateXML for creating disk-only, memory-inclusive, or full-system snapshots defined in format, with support for internal/external storage backends and reversion via virDomainRevertToSnapshot. Libvirt offers language bindings to extend its C , enabling programmatic access in higher-level languages. The Python binding, libvirt-python, is installed via package managers like dnf install libvirt-python on or apt install python3-libvirt on , and provides classes mirroring the C . A basic usage example connects to the and lists domains:

python

import libvirt conn = libvirt.open('qemu:///system') if conn is None: print('Failed to open connection to the [hypervisor](/page/Hypervisor)') else: try: doms = conn.listAllDomains() for dom in doms: print(dom.name()) finally: conn.close()

import libvirt conn = libvirt.open('qemu:///system') if conn is None: print('Failed to open connection to the [hypervisor](/page/Hypervisor)') else: try: doms = conn.listAllDomains() for dom in doms: print(dom.name()) finally: conn.close()

This leverages methods like listAllDomains() for domain enumeration. For , the Sys::Virt binding is installed using : cpan Sys::Virt, supporting modules for domains, networks, and storage. A basic example establishes a connection and retrieves domain information:

perl

use Sys::Virt; my $conn = Sys::Virt->new(uri => 'qemu:///system'); my @domains = $conn->list_domains(); foreach my $dom (@domains) { print $dom->get_name(), "\n"; } $conn->disconnect();

use Sys::Virt; my $conn = Sys::Virt->new(uri => 'qemu:///system'); my @domains = $conn->list_domains(); foreach my $dom (@domains) { print $dom->get_name(), "\n"; } $conn->disconnect();

This uses list_domains() to fetch active domains by name. The Ruby binding, libvirt-ruby, installs via RubyGems: gem install libvirt, and wraps API calls in a Rubyic style. An introductory example connects and creates a domain from XML:

ruby

require 'libvirt' conn = Libvirt::open('qemu:///system') xml = File.read('domain.xml') dom = conn.create_domain_xml(xml) puts dom.name dom.destroy if dom.active? conn.close

require 'libvirt' conn = Libvirt::open('qemu:///system') xml = File.read('domain.xml') dom = conn.create_domain_xml(xml) puts dom.name dom.destroy if dom.active? conn.close

Here, create_domain_xml instantiates a domain, with methods like active? for state checks. Other bindings include those for C#, Go, Java, OCaml, and PHP, each maintained separately for integration into respective ecosystems. Libvirt enforces strict backward compatibility for its primary public API (libvirt.so and libvirt.h), promising indefinite ABI stability where functions, structs, enums, and constants are never removed or altered—only new elements are added. Symbol versioning tags introductions, ensuring applications built against older releases remain functional, while hypervisor-specific APIs lack such guarantees and require validation per release. Deprecations are minimized without a fixed cycle, prioritizing long-term stability for production use.

Supported Technologies

Hypervisors

Libvirt provides comprehensive support for several primary , enabling full lifecycle management of virtual machines (VMs) through its unified . The driver offers the most extensive capabilities, handling QEMU emulators (version 6.2.0 and later) with support for software emulation, hardware acceleration on , and Hypervisor.framework on macOS. This driver facilitates complete VM operations, including creation, startup, migration, and shutdown, across a wide range of architectures. For , libvirt's libxl driver manages both Domain-0 (dom0) host operations and Domain-U (domU) guest VMs, supporting paravirtualized (PV) and fully virtualized (HVM) modes via Xen's libxl toolstack. VMware ESXi integration occurs through the vSphere (version 2.5+), allowing remote management of ESXi 3.5/4.x/5.x hosts and servers without requiring a local libvirtd daemon. In addition to these primary hypervisors, libvirt supports secondary technologies with varying degrees of integration. containers are managed as lightweight virtualization domains on hosts, providing isolation through kernel namespaces and . The hypervisor receives full support on , enabling VM lifecycle operations tailored to BSD environments. The Cloud Hypervisor driver, introduced in version 9.1.0 (March 2023), supports basic lifecycle management and is under active development for this Rust-based VMM optimized for cloud workloads. and offer more limited functionality; support is available but not commonly distributed in major repositories, while the driver is client-side only, connecting via (WinRM) over HTTP/S to manage 2012 R2 and newer servers without local daemon support. VM configurations across hypervisors are defined using XML-based domain descriptors, which standardize elements for while accommodating driver-specific extensions. The <cpu> element specifies model, (sockets, cores, threads), and features like pinning or passthrough (e.g., mode='host-passthrough' for KVM/), allowing emulation of host CPUs or custom architectures. Memory allocation is handled via <memory> for boot-time sizing (in KiB or MiB) and <memoryBacking> for advanced options like hugepages or locked pages, with hypervisor variations such as Xen's support for nosharepages. Device passthrough, including PCI and USB, uses <hostdev> elements, enabling direct hardware access in KVM/ and limited SCSI/network emulation in ESXi via <controller> and <interface> tags. Libvirt's hypervisor compatibility emphasizes hosts for full local execution across supported drivers, with partial support for Windows and macOS primarily through remote connections or build toolchains like and Homebrew. On distributions such as , , and RHEL, all primary hypervisors operate natively; limits to and , while macOS supports /HVF remotely or via builds. Windows integration is constrained to remote management and older build targets (Vista/Server 2008). Recent evolutions have expanded libvirt's capabilities to emerging hardware. ARM64 () support was added in version 6.7.0 (August 2020), enabling /KVM operations on ARM-based hosts like those in cloud and . In 2023, version 9.1.0 introduced initial support for the , with ongoing enhancements including networking (version 10.7.0, September 2024) and disk hotplug (version 11.8.0, October 2025). In 2024, version 10.5.0 introduced extensions via SEV-SNP (Secure Encrypted Virtualization - Secure Nested Paging) as a <launchSecurity/> type, enhancing VM isolation on platforms for KVM/ and other drivers, with further extensions like SEV-SNP for in version 11.2.0 (April 2025). These updates ensure libvirt remains adaptable to modern processor architectures and security requirements.

Storage and Networking Management

Libvirt provides abstractions for managing storage resources on the host system, enabling the creation and oversight of storage pools and volumes that virtual machines (VMs) can utilize as disk images or block devices. A storage pool represents a designated quantity of storage, such as a directory, logical volume group, or target, allocated for VM use. Supported pool types include directory pools, which manage files like raw or qcow2 images in a host filesystem (the default storage pool is a directory pool with the target path /var/lib/libvirt/images); logical volume manager (LVM) pools, which carve out thin or thick logical volumes from a volume group for efficient space allocation; and pools, which connect to remote logical unit numbers (LUNs) on an target without supporting on-the-fly volume creation. Storage volumes are subdivisions within these pools, formatted in types such as qcow2 for images supporting snapshots and , or raw for unformatted block access offering direct performance. Operations on volumes include creation via XML definitions, to duplicate volumes efficiently across pools, and snapshotting to capture point-in-time states, which facilitates and recovery workflows. These capabilities ensure that storage remains available and optimized for VM attachment, with libvirt handling the underlying backend specifics uniformly through its . For networking, libvirt abstracts virtual networks that provide connectivity for VMs, including virtual bridges for layer-2 switching, (NAT) for outbound internet access without exposing guests directly, and VLAN tagging for segmenting traffic on trunked host interfaces. The default NAT network, often implemented via the virbr0 bridge, exemplifies this abstraction: when starting a VM configured for this network, libvirt creates a vnetX tap interface for the VM and attaches it as a slave to the virbr0 bridge, bringing the bridge state to UP and enabling communication; the VM then receives an IP address, typically in the 192.168.122.x range, from the dnsmasq DHCP server, facilitating NAT connectivity. Integration with host interfaces occurs via bridged mode, where a physical network interface is enslaved to a Linux bridge for direct VM access to the LAN, or through SR-IOV, which allows passthrough of virtual functions from a physical NIC to achieve near-native performance by bypassing the host kernel. VLAN support extends to both standard bridges and configurations, enabling tagged traffic isolation. Management of these resources is facilitated by libvirt's C API, with functions such as virStoragePoolDefineXML for defining persistent storage pools from XML descriptions, including validation flags to ensure configuration integrity before activation. Similarly, virNetworkCreate launches a predefined virtual network, transitioning it to an active state with automatic firewall and DHCP setup, while virNetworkCreateXML allows immediate creation and startup from XML for dynamic environments. These APIs abstract backend differences, such as for NAT rules or LVM commands for volume provisioning. Advanced features enhance reliability in distributed setups, including persistent storage migration during VM live migration, achieved via the --copy-storage-all flag in virsh migrate, which copies non-shared disks synchronously to the destination host while supporting zero-block detection for sparsification since version 10.9.0 (2024). For networks, firewall rules are automatically generated using or backends (introduced in version 10.4.0, 2024), with enhancements like the libvirt-routed zone for integration (version 8.10.0, 2022) to permit inbound connections on routed networks without manual intervention. Best practices for storage and networking emphasize proactive monitoring to prevent exhaustion, such as regularly querying pool capacities with virStoragePoolGetInfo to avoid over-allocation in LVM or directory pools. It is essential to configure storage pools to autostart (virsh pool-autostart <pool-name>) to ensure they are available after a host . Particular attention should be paid to the default storage pool, which must be active for tools like virt-install to validate installation media successfully. An inactive default pool or inaccessible target directory often leads to errors such as "Could not start storage pool: cannot open directory". To address this, verify pool status with virsh pool-list --all; if the 'default' pool is inactive, activate it using virsh pool-start default. If activation fails due to directory access issues, ensure the target directory exists (sudo mkdir -p /var/lib/libvirt/images), set appropriate ownership and permissions (typically sudo chown root:root /var/lib/libvirt/images and sudo chmod 755 /var/lib/libvirt/images, though some distributions use qemu:qemu or similar), and check for security module restrictions (e.g., SELinux or AppArmor). Review libvirt logs for further details using journalctl -u libvirtd or by examining /var/log/libvirt/libvirtd.log. For custom storage pools, confirm they are active and their target paths are accessible. For networks, defining isolated modes or explicit VLANs minimizes exposure, while using managed SR-IOV pools prevents host interface conflicts. Administrators should validate XML configurations before definition to catch errors early and prefer thin-provisioned volumes in qcow2 format for scalable growth without immediate space commitment.

User Interfaces

Command-Line Interfaces

Libvirt provides several command-line interfaces (CLIs) for managing virtual machines (domains), storage, networks, and other resources, enabling both interactive and automated administration. These tools interact with the libvirt daemon via its , offering a text-based alternative to graphical interfaces for precise control in server environments or scripts. The primary CLI tool is virsh, a versatile shell and command-line utility for domain lifecycle management across supported hypervisors such as KVM, , and . It allows users to list active and inactive domains with virsh list --all, which displays details like domain ID, name, and state. Starting a domain from an XML uses virsh start domain-name, while immediate shutdown is achieved via virsh destroy domain-name, which forcefully terminates the guest without graceful shutdown. Configuration modifications, such as adjusting CPU or memory allocations, can be made persistently using virsh edit domain-name, which opens the domain's XML in the default editor for the next boot. Virsh also supports advanced operations like and snapshot management. The virsh migrate --live domain-name dest-uri command performs of a running domain to a remote host, preserving its state with minimal downtime; for example, virsh migrate --live fedora qemu+ssh://remote-host/system transfers the "fedora" domain over SSH. Snapshot reversion is handled by virsh snapshot-revert domain-name snapshot-name, restoring the domain to a previous state from its snapshot list. Complementing virsh are specialized CLIs for common tasks. virt-install provisions new virtual machines from installation media, supporting KVM, , or guests; it automates XML generation and installation via options like --name, --ram, and --location for network-based OS trees, as in virt-install --name new-vm --ram 1024 --vcpus 2 --os-variant fedora42 --location http://[example.com](/page/Example.com)/os.

Common Issues with virt-install

A common error when using virt-install is "Validating install media failed: Could not start storage pool: cannot open directory". This error occurs when libvirt cannot validate the installation media because the storage pool (typically the 'default' pool) cannot be started, usually due to the pool's target directory being inaccessible or non-existent (e.g., /var/lib/libvirt/images). Common causes:
  • The storage pool is inactive.
  • The pool's target directory does not exist.
  • Incorrect permissions on the directory.
  • Security modules (SELinux/AppArmor) blocking access.
Fix:
  1. Verify storage pools: virsh pool-list --all
  2. If 'default' is inactive, start it: virsh pool-start default
  3. If starting fails with "cannot open directory":
    • Ensure the directory exists: sudo mkdir -p /var/lib/libvirt/images
    • Set correct permissions (typically): sudo chown root:root /var/lib/libvirt/images and sudo chmod 755 /var/lib/libvirt/images
    • Or for qemu user: sudo chown qemu:qemu /var/lib/libvirt/images (depends on distro)
  4. Make pool autostart: virsh pool-autostart default
  5. Check libvirt logs for details: journalctl -u libvirtd or /var/log/libvirt/libvirtd.log
  6. Retry the virt-install command.
If using a custom pool, ensure it is active and its path is accessible. virt-clone duplicates existing inactive domains by copying disk images and generating new configurations with unique identifiers. It requires specifying the original domain and output paths, such as virt-clone --original old-vm --name new-vm --file /path/to/new-disk.img, automatically updating UUID, MAC addresses, and names to avoid conflicts. For console access, virt-viewer connects to a domain's graphical console using VNC or protocols, providing a minimal viewer without full management features; invocation is simple, like virt-viewer domain-name, which leverages libvirt to establish the connection. These CLIs integrate well with scripting for batch operations and remote management. Virsh and related tools accept connection URIs to target local or remote daemons, such as qemu+ssh://host/system for secure access over SSH, enabling commands like virsh -c qemu+ssh://remote-host/system list to manage distant systems. In scripts, output can be parsed for , such as looping through virsh list --all to start multiple idle domains sequentially. While powerful for automation, these interfaces lack graphical elements, relying on text output and requiring familiarity with XML and command syntax, making them ideal for headless servers but less intuitive for visual monitoring.

Graphical and Web Interfaces

Libvirt provides several graphical and web-based interfaces that enable users, particularly non-programmers, to manage virtual machines (VMs) without relying on command-line tools. These frontends leverage libvirt's API to offer intuitive visualizations for VM lifecycle operations, monitoring, and configuration, facilitating easier adoption in desktop and server environments. Virtual Machine Manager (virt-manager) is a GTK-based desktop designed for comprehensive VM management through libvirt. It supports VM creation via wizards that configure resources and virtual hardware, real-time monitoring with live performance statistics, and embedded VNC or clients for graphical console access. Additional features include drag-and-drop attachment of ISO files for installation media, performance graphs displaying CPU, memory, disk, and network metrics, and support for remote connections to manage VMs across multiple hosts. Primarily targeted at desktop users, virt-manager allows remote access from Windows or macOS clients via SSH or TLS-secured libvirt connections. GNOME Boxes offers a simplified graphical interface built on libvirt, libosinfo, and , aimed at for end-users seeking minimal configuration overhead. It enables quick browsing and access to local or remote VMs and containers, with intuitive customization of machine preferences and performance monitoring through integrated views. Unlike more advanced tools, GNOME Boxes prioritizes ease of use by automating setups for testing operating systems or remote desktop scenarios, while sharing underlying code with for robust libvirt integration. It is optimized for environments on desktops. qt-virt-manager is a Qt-based graphical user interface for managing libvirt-based VMs, networks, storage, and other entities. It provides tools for creating, controlling, and monitoring virtual machines with a focus on cross-platform compatibility and modern Qt widgets. Karton, developed in 2025 as part of KDE's project, is a native Qt-Quick/Kirigami-based virtual machine manager for Plasma. It offers a modern interface for listing, configuring, installing, and accessing libvirt-controlled VMs, with features like integration and streamlined creation wizards, providing a Qt-native alternative to tools. As of November 2025, it is advancing toward integration in environments. For web-based management, serves as a browser-accessible graphical interface for Linux servers, incorporating libvirt support via the cockpit-machines module to handle VM creation, storage, networking, and logs. Users can install OS images, view performance graphs correlating CPU, memory, network, and disk activity, and access VM consoles directly in the browser. Cockpit facilitates multi-host management by connecting to remote systems over SSH from a single session, enabling oversight of VMs across distributed environments. It runs on major Linux distributions like , RHEL, and , with client access available from Windows, macOS, or mobile browsers. Kimchi, an older HTML5-based web interface, provides KVM guest management through libvirt as a plugin for the framework. It allows users to create VMs from templates, view live screenshots of running guests, modify storage and network settings, and connect to displays via browser. Accessed over with PAM authentication, Kimchi targets single-host simplification but has seen limited updates since around 2017, making it less commonly used compared to modern alternatives. It supports platforms with KVM hypervisors.

Development and Community

Corporate Contributions

Red Hat has served as the primary developer and maintainer of libvirt since its in 2005, employing key contributors such as Daniel P. Berrangé and funding the core development team to ensure integration with (RHEL) Virtualization. This sponsorship model involves dedicating engineering resources to upstream development, including feature requests and bug fixes driven by enterprise needs in RHEL. Other corporations have made targeted contributions to libvirt. IBM contributed to KVM hypervisor support and s390x architecture enhancements starting around 2010, including integration for IBM Secure Execution (introduced in 2019) to enable protected on systems. SUSE has contributed to libvirt's interoperability and daemon configurations, ensuring seamless integration with and Server for . Starting in 2023, Google has supported cloud-related enhancements through funding student projects via , focusing on improvements for scalable in cloud environments. Corporate involvement has directly influenced key features. For instance, Red Hat led the development of live storage migration in 2012, allowing seamless disk relocation for running virtual machines without , a capability critical for enterprise high-availability setups. Multi-vendor efforts, including contributions from Linaro and ecosystem partners, enabled robust ARM architecture support around 2020, broadening libvirt's applicability to edge and platforms. In recent years, particularly by 2025, has increased its contributions to libvirt for , enhancing support for Intel Trust Domain Extensions (TDX) to facilitate hardware-encrypted virtual machines that protect against host-level attacks. These efforts include upstream patches for TDX attestation and guest hardening, aligning with broader industry pushes for secure multi-tenant environments.

Community and Governance

Libvirt is governed by a of maintainers, committers, and contributors who guide its development through consensus. Maintainers oversee major areas like the , drivers, and tools, while committers review and merge patches. Contributors include individuals and organizations submitting code, documentation, and bug reports. Communication occurs primarily via mailing lists such as [email protected] for development discussions and [email protected] for user support. The project participates in outreach programs like to engage new developers.

Licensing and Distributions

Libvirt's core is distributed under the GNU Lesser General Public License (LGPL) version 2.1 or later, which permits dynamic linking with while requiring that any modifications to the itself be made available under the same . In contrast, the accompanying tools, such as the virsh and the libvirtd daemon, are licensed under the GNU General Public License (GPL) version 2.0 or later, ensuring that derivative works incorporating these components adhere to requirements. This dual-licensing approach facilitates broad adoption by allowing integration into both open-source and closed-source environments without imposing restrictive obligations on users of the alone. Libvirt is available as native packages across major Linux distributions, including Fedora, Ubuntu, Debian, and CentOS Stream, where it is maintained through official repositories to ensure compatibility with the host system's kernel and dependencies. For instance, Fedora provides libvirt via RPM packages integrated with its virtualization stack, while Ubuntu and Debian offer DEB packages that align with their respective ecosystem standards. Ports exist for non-Linux systems as well, such as FreeBSD through its ports collection and macOS via the Homebrew package manager, enabling cross-platform management of virtualization resources. Installation options for libvirt include pre-built packages from distribution repositories (RPM for and , DEB for and ), which handle automatic dependency resolution, and source compilation for custom configurations. Source builds require tools like and , along with key dependencies such as for hypervisor support and for daemon management on compatible systems. These variants ensure flexibility, with package managers preferred for production deployments to maintain security updates and system integration. Distribution versions of libvirt typically track stable upstream releases, with 24.04 LTS shipping version 10.0.0 and providing backports for releases to incorporate security fixes and enhancements without full upgrades. As of November 2025, the latest stable release is version 11.9.0, released on November 3, 2025. Similar alignment occurs in other distributions, where maintainers synchronize with libvirt's biannual release cycle to balance stability and new features. As a (FOSS) project, libvirt adheres to principles of openness and , promoting no by standardizing management across diverse platforms and hypervisors.

Integrations and Applications

Cloud Orchestration

Libvirt plays a central role in cloud orchestration by serving as the virtualization backend for major platforms, enabling the management of virtual machines (VMs) at scale in distributed environments. In , libvirt is the default and most commonly used for the Nova compute service, handling the creation, migration, and lifecycle management of KVM-based instances across clusters. This integration allows Nova to leverage libvirt's for low-level hypervisor operations, ensuring consistent VM provisioning in multi-node deployments. Additionally, OpenStack's orchestration engine supports the deployment of libvirt-managed resources through templates that define stacks including compute instances, storage, and networking, facilitating automated infrastructure-as-code workflows in environments. For container-orchestration platforms like , libvirt integrates with extensions such as KubeVirt, a Kubernetes-native layer that embeds libvirt in pods to provide a dedicated for VM , enhancing for non-containerizable applications. Enterprise platforms further extend libvirt's capabilities. , an open-source solution, relies on libvirt via its VDSM daemon to oversee KVM VMs across data centers, providing centralized control for storage, networking, and high-availability features. As the upstream project for Red Hat Enterprise Virtualization (RHEV), uses libvirt for core VM operations, enabling scalable deployments in enterprise settings with support for and resource pooling. Proxmox VE, while primarily built on direct /KVM interactions, allows supplementary use of libvirt tools for advanced VM configurations on its platform, though it employs a custom toolkit for core to simplify web-based . Libvirt's design supports scalability in cloud clusters through features like multi-tenant isolation and API controls. Multi-tenant isolation is achieved via sVirt, which integrates (MAC) like SELinux to enforce domain separation between VMs from different tenants, preventing unauthorized access in shared environments such as deployments. For large-scale operations, libvirt implements in areas like network filter evaluations to mitigate denial-of-service risks from excessive packet processing, and ongoing developments include dirty page rate limits for efficient live migrations in clustered setups. These mechanisms ensure reliable performance in orchestrators handling thousands of VMs. In hybrid cloud scenarios, libvirt underpins integrations observed in deployments like AWS Outposts and Azure Stack. For instance, clusters on AWS Outposts utilize libvirt-backed KVM for remote worker nodes, extending cloud-native orchestration to on-premises hardware while maintaining compatibility with AWS services. These case studies highlight libvirt's versatility in providing consistent virtualization layers across hybrid boundaries.

Security and Best Practices

Libvirt provides a robust framework for securing environments through , , isolation mechanisms, and encrypted communications. Security begins at the daemon level, where libvirtd should run as a non-privileged user to minimize host exposure, with socket permissions restricted to authorized groups. systems like SELinux or are enabled by default in many distributions to confine processes, preventing guest escapes or unauthorized host resource access. Administrators must configure these policies carefully, such as labeling disk images with appropriate SELinux types like svirt_image_t for exclusive access. For remote management, (TLS) is recommended to encrypt connections and authenticate clients and servers using certificates. Setup involves generating a (CA) key and , then signing server and client certificates for deployment in standardized paths like /etc/pki/libvirt/. This prevents man-in-the-middle attacks on the libvirt RPC protocol, with best practices including using a central CA for simplified revocation and ensuring private keys remain protected. Authentication can further integrate with SASL mechanisms, though insecure ones like plaintext should be disabled in libvirtd.conf. Authorization uses pluggable access control drivers, such as , to enforce fine-grained permissions on calls based on user identities and object attributes like domain UUIDs. By default, connections are unauthenticated until verified, granting only read-only access post-authentication unless full privileges are assigned. Best practices include defining rules in configuration files to restrict operations like domain creation to specific users or groups, avoiding the insecure none driver. Virtual machine isolation is enhanced by avoiding automatic disk format detection on untrusted images to prevent exploitation via malicious headers that could leak host data. Instead, explicitly specify formats like qcow2 and validate images for backing chains or oversized logical sizes before import. For storage, encrypt virtual disks using LUKS or similar to protect against physical theft or rogue admins, especially in shared environments. Networking should use isolated virtual networks with ebtables rules, restricting guest-to-host traffic beyond necessary migration ports. Device passthrough requires careful security labeling to mitigate risks of guest access to host resources; for instance, use SELinux contexts like virt_content_t for read-only host files passed to guests. Disable confinement only when necessary via <seclabel model='none'/> in domain XML, but prefer mediated devices like VFIO for PCI passthrough to enforce IOMMU isolation. For confidential computing, AMD Secure Encrypted Virtualization (SEV) can be enabled in libvirt (version 4.5.0+) by configuring <launchSecurity type='sev'/> in the domain XML, requiring kernel parameters like mem_encrypt=on and attestation via tools like sevctl. Trust Domain Extensions (TDX) is supported as of libvirt 8.0 (October 2025) with <launchSecurity type='tdx'/>, enabling hardware-isolated VMs on compatible hardware for enhanced data protection in use. Validation tools like virt-qemu-sev-validate ensure measurement integrity before launch. Ongoing best practices include regular updates to libvirt and hypervisors to address vulnerabilities, monitoring via virt-host-validate for secure features, and reporting issues through the dedicated security team process rather than public bug trackers. Avoid running unnecessary services on the host and use dedicated partitions for guest storage to limit scan scopes in LVM configurations.

References

  1. https://libvirt.org/api.html
  2. https://www.berrange.com/posts/2012/11/02/announce-libvirt-1-0-0-release-and-7th-birthday/
  3. https://wiki.libvirt.org/FAQ.html
  4. https://libvirt.org/drivers.html
  5. https://libvirt.org/manpages/libvirtd.html
  6. https://libvirt.org/manpages/virsh.html
  7. https://libvirt.org/formatdomain.html
  8. https://libvirt.org/
  9. https://libvirt.org/auditlog.html
  10. https://libvirt.org/compiling.html
  11. https://libvirt.org/goals.html
  12. https://libvirt.org/news.html
  13. http://libvirt.org/git/?p=libvirt.git;a=log
  14. https://libvirt.org/contribute.html
  15. https://libvirt.org/kbase/launch_security_sev.html
  16. https://scs.community/tech/2023/11/21/confidential-computing-in-digital-sovereign-environments/
  17. https://libvirt.org/daemons.html
  18. https://fedoraproject.org/wiki/Changes/LibvirtModularDaemons
  19. https://libvirt.org/daemons.html#monolithic-sockets
  20. https://libvirt.org/drvsecret.html
  21. https://libvirt.org/errors.html
  22. https://libvirt.org/logging.html
  23. https://libvirt.org/kbase/internals/rpc.html
  24. https://libvirt.org/kbase/internals/eventloop.html
  25. https://libvirt.org/migration.html
  26. https://libvirt.org/formatsnapshot.html
  27. https://libvirt.org/bindings.html
  28. https://libvirt.org/python.html
  29. https://metacpan.org/dist/Sys-Virt
  30. https://ruby.libvirt.org/
  31. https://libvirt.org/support.html
  32. https://libvirt.org/drvqemu.html
  33. https://libvirt.org/drvxen.html
  34. https://libvirt.org/drvesx.html
  35. https://libvirt.org/platforms.html
  36. https://libvirt.org/drvch.html
  37. https://libvirt.org/drvhyperv.html
  38. https://libvirt.org/storage.html
  39. https://libvirt.org/formatstorage.html
  40. https://wiki.libvirt.org/page/Networking.html
  41. https://libvirt.org/formatnetwork.html
  42. https://libvirt.org/html/libvirt-libvirt-storage.html
  43. https://libvirt.org/html/libvirt-libvirt-network.html
  44. https://libvirt.org/firewall.html
  45. https://www.libvirt.org/manpages/virsh.html
  46. https://libvirt.org/apps.html
  47. https://linux.die.net/man/1/virt-install
  48. https://virt-manager.org/
  49. https://libvirt.org/manpages/virt-install.html
  50. https://linux.die.net/man/1/virt-clone
  51. https://linux.die.net/man/1/virt-viewer
  52. https://libvirt.org/uri.html
  53. https://documentation.suse.com/sles/15-SP7/html/SLES-all/cha-libvirt-config-gui.html
  54. https://wiki.gnome.org/Apps/Boxes
  55. https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-graphic_user_interface_tools_for_guest_virtual_machine_management-gnome_boxes
  56. https://f1ash.github.io/qt-virt-manager
  57. https://blogs.kde.org/2025/08/28/gsoc-2025-final-project-blog-developing-karton-the-kde-virtual-machine-manager/
  58. https://cockpit-project.org/
  59. https://www.redhat.com/en/blog/manage-virtual-machines-cockpit
  60. https://cockpit-project.org/guide/latest/feature-machines
  61. https://github.com/kimchi-project/kimchi
  62. https://www.redhat.com/en/about/open-source-program-office/contributions
  63. https://libvirt.org/kbase/s390_protected_virt.html
  64. https://documentation.suse.com/sles/15-SP7/html/SLES-all/cha-libvirt-overview.html
  65. https://wiki.libvirt.org/Google_Summer_of_Code_FAQ.html
  66. https://access.redhat.com/errata/RHSA-2012:0748
  67. https://developers.redhat.com/articles/2025/11/05/setting-intel-tdx-vms-trustee-openshift
  68. https://fedoraproject.org/wiki/Changes/ConfidentialVirtHostIntelTDX
  69. https://libvirt.org/governance.html
  70. https://libvirt.org/contact.html
  71. https://gitlab.com/libvirt/libvirt
  72. https://docs.fedoraproject.org/en-US/quick-docs/virtualization-getting-started/
  73. https://www.freshports.org/devel/libvirt
  74. https://formulae.brew.sh/formula/libvirt
  75. https://libvirt.org/kbase/rpm-deployment.html
  76. https://docs.openstack.org/kolla-ansible/latest/reference/compute/libvirt-guide.html
  77. https://opendev.org/openstack/nova/src/branch/master/nova/virt/libvirt/driver.py
  78. https://www.mirantis.com/blog/virtlet-run-vms-as-kubernetes-pods/
  79. https://kubevirt.io/
  80. https://www.ovirt.org/develop/release-management/features/virt/KvmToOvirt.html
  81. https://www.ovirt.org/develop/developer-guide/vdsm/libvirt-performance-scalability.html
  82. https://libvirt.org/formatnwfilter.html
  83. https://lists.libvirt.org/archives/list/devel%40lists.libvirt.org/message/3XHEDZAURWUVJ4WDVHOEP47WBJLVXWWP/
  84. https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/installing_on_aws/installing-aws-outposts-remote-workers
  85. https://libvirt.org/kbase/secureusage.html
  86. https://documentation.ubuntu.com/server/how-to/virtualisation/libvirt/
  87. https://libvirt.org/kbase/qemu-passthrough-security.html
  88. https://libvirt.org/kbase/tlscerts.html
  89. https://wiki.libvirt.org/TLSSetup.html
  90. https://libvirt.org/remote.html
  91. https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/virtualization_security_guide/sect-securing_the_host_physical_machine_and_improving_performance-client_access_control
  92. https://libvirt.org/aclpolkit.html
  93. https://libvirt.org/manpages/virt-qemu-sev-validate.html
Add your contribution
Related Hubs
Contribute something
User Avatar
No comments yet.