# Master configuration file for the QEMU driver.# All settings described here

1. # Master configuration file for the QEMU driver.
2. # All settings described here are optional - if omitted, sensible
3. # defaults are used.
4.  
5. # Use of TLS requires that x509 certificates be issued. The default is
6. # to keep them in /etc/pki/qemu. This directory must contain
7. #
8. # ca-cert.pem - the CA master certificate
9. # server-cert.pem - the server certificate signed with ca-cert.pem
10. # server-key.pem - the server private key
11. #
12. # and optionally may contain
13. #
14. # dh-params.pem - the DH params configuration file
15. #
16. #default_tls_x509_cert_dir = "/etc/pki/qemu"
17.  
18.  
19. # The default TLS configuration only uses certificates for the server
20. # allowing the client to verify the server's identity and establish
21. # an encrypted channel.
22. #
23. # It is possible to use x509 certificates for authentication too, by
24. # issuing a x509 certificate to every client who needs to connect.
25. #
26. # Enabling this option will reject any client who does not have a
27. # certificate signed by the CA in /etc/pki/qemu/ca-cert.pem
28. #
29. #default_tls_x509_verify = 1
30.  
31. #
32. # Libvirt assumes the server-key.pem file is unencrypted by default.
33. # To use an encrypted server-key.pem file, the password to decrypt
34. # the PEM file is required. This can be provided by creating a secret
35. # object in libvirt and then to uncomment this setting to set the UUID
36. # of the secret.
37. #
38. # NB This default all-zeros UUID will not work. Replace it with the
39. # output from the UUID for the TLS secret from a 'virsh secret-list'
40. # command and then uncomment the entry
41. #
42. #default_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
43.  
44.  
45. # VNC is configured to listen on 127.0.0.1 by default.
46. # To make it listen on all public interfaces, uncomment
47. # this next option.
48. #
49. # NB, strong recommendation to enable TLS + x509 certificate
50. # verification when allowing public access
51. #
52. #vnc_listen = "0.0.0.0"
53.  
54. # Enable this option to have VNC served over an automatically created
55. # unix socket. This prevents unprivileged access from users on the
56. # host machine, though most VNC clients do not support it.
57. #
58. # This will only be enabled for VNC configurations that have listen
59. # type=address but without any address specified. This setting takes
60. # preference over vnc_listen.
61. #
62. #vnc_auto_unix_socket = 1
63.  
64. # Enable use of TLS encryption on the VNC server. This requires
65. # a VNC client which supports the VeNCrypt protocol extension.
66. # Examples include vinagre, virt-viewer, virt-manager and vencrypt
67. # itself. UltraVNC, RealVNC, TightVNC do not support this
68. #
69. # It is necessary to setup CA and issue a server certificate
70. # before enabling this.
71. #
72. #vnc_tls = 1
73.  
74.  
75. # In order to override the default TLS certificate location for
76. # vnc certificates, supply a valid path to the certificate directory.
77. # If the provided path does not exist then the default_tls_x509_cert_dir
78. # path will be used.
79. #
80. #vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
81.  
82.  
83. # The default TLS configuration only uses certificates for the server
84. # allowing the client to verify the server's identity and establish
85. # an encrypted channel.
86. #
87. # It is possible to use x509 certificates for authentication too, by
88. # issuing a x509 certificate to every client who needs to connect.
89. #
90. # Enabling this option will reject any client who does not have a
91. # certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem
92. #
93. # If this option is not supplied, it will be set to the value of
94. # "default_tls_x509_verify".
95. #
96. #vnc_tls_x509_verify = 1
97.  
98.  
99. # The default VNC password. Only 8 bytes are significant for
100. # VNC passwords. This parameter is only used if the per-domain
101. # XML config does not already provide a password. To allow
102. # access without passwords, leave this commented out. An empty
103. # string will still enable passwords, but be rejected by QEMU,
104. # effectively preventing any use of VNC. Obviously change this
105. # example here before you set this.
106. #
107. #vnc_password = "XYZ12345"
108.  
109.  
110. # Enable use of SASL encryption on the VNC server. This requires
111. # a VNC client which supports the SASL protocol extension.
112. # Examples include vinagre, virt-viewer and virt-manager
113. # itself. UltraVNC, RealVNC, TightVNC do not support this
114. #
115. # It is necessary to configure /etc/sasl2/qemu.conf to choose
116. # the desired SASL plugin (eg, GSSPI for Kerberos)
117. #
118. #vnc_sasl = 1
119.  
120.  
121. # The default SASL configuration file is located in /etc/sasl2/
122. # When running libvirtd unprivileged, it may be desirable to
123. # override the configs in this location. Set this parameter to
124. # point to the directory, and create a qemu.conf in that location
125. #
126. #vnc_sasl_dir = "/some/directory/sasl2"
127.  
128.  
129. # QEMU implements an extension for providing audio over a VNC connection,
130. # though if your VNC client does not support it, your only chance for getting
131. # sound output is through regular audio backends. By default, libvirt will
132. # disable all QEMU sound backends if using VNC, since they can cause
133. # permissions issues. Enabling this option will make libvirtd honor the
134. # QEMU_AUDIO_DRV environment variable when using VNC.
135. #
136. #vnc_allow_host_audio = 0
137.  
138.  
139.  
140. # SPICE is configured to listen on 127.0.0.1 by default.
141. # To make it listen on all public interfaces, uncomment
142. # this next option.
143. #
144. # NB, strong recommendation to enable TLS + x509 certificate
145. # verification when allowing public access
146. #
147. #spice_listen = "0.0.0.0"
148.  
149.  
150. # Enable use of TLS encryption on the SPICE server.
151. #
152. # It is necessary to setup CA and issue a server certificate
153. # before enabling this.
154. #
155. #spice_tls = 1
156.  
157.  
158. # In order to override the default TLS certificate location for
159. # spice certificates, supply a valid path to the certificate directory.
160. # If the provided path does not exist then the default_tls_x509_cert_dir
161. # path will be used.
162. #
163. #spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice"
164.  
165.  
166. # Enable this option to have SPICE served over an automatically created
167. # unix socket. This prevents unprivileged access from users on the
168. # host machine.
169. #
170. # This will only be enabled for SPICE configurations that have listen
171. # type=address but without any address specified. This setting takes
172. # preference over spice_listen.
173. #
174. #spice_auto_unix_socket = 1
175.  
176.  
177. # The default SPICE password. This parameter is only used if the
178. # per-domain XML config does not already provide a password. To
179. # allow access without passwords, leave this commented out. An
180. # empty string will still enable passwords, but be rejected by
181. # QEMU, effectively preventing any use of SPICE. Obviously change
182. # this example here before you set this.
183. #
184. #spice_password = "XYZ12345"
185.  
186.  
187. # Enable use of SASL encryption on the SPICE server. This requires
188. # a SPICE client which supports the SASL protocol extension.
189. #
190. # It is necessary to configure /etc/sasl2/qemu.conf to choose
191. # the desired SASL plugin (eg, GSSPI for Kerberos)
192. #
193. #spice_sasl = 1
194.  
195. # The default SASL configuration file is located in /etc/sasl2/
196. # When running libvirtd unprivileged, it may be desirable to
197. # override the configs in this location. Set this parameter to
198. # point to the directory, and create a qemu.conf in that location
199. #
200. #spice_sasl_dir = "/some/directory/sasl2"
201.  
202. # Enable use of TLS encryption on the chardev TCP transports.
203. #
204. # It is necessary to setup CA and issue a server certificate
205. # before enabling this.
206. #
207. #chardev_tls = 1
208.  
209.  
210. # In order to override the default TLS certificate location for character
211. # device TCP certificates, supply a valid path to the certificate directory.
212. # If the provided path does not exist then the default_tls_x509_cert_dir
213. # path will be used.
214. #
215. #chardev_tls_x509_cert_dir = "/etc/pki/libvirt-chardev"
216.  
217.  
218. # The default TLS configuration only uses certificates for the server
219. # allowing the client to verify the server's identity and establish
220. # an encrypted channel.
221. #
222. # It is possible to use x509 certificates for authentication too, by
223. # issuing a x509 certificate to every client who needs to connect.
224. #
225. # Enabling this option will reject any client who does not have a
226. # certificate signed by the CA in /etc/pki/libvirt-chardev/ca-cert.pem
227. #
228. #chardev_tls_x509_verify = 1
229.  
230.  
231. # Uncomment and use the following option to override the default secret
232. # UUID provided in the default_tls_x509_secret_uuid parameter.
233. #
234. # NB This default all-zeros UUID will not work. Replace it with the
235. # output from the UUID for the TLS secret from a 'virsh secret-list'
236. # command and then uncomment the entry
237. #
238. #chardev_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
239.  
240.  
241. # By default, if no graphical front end is configured, libvirt will disable
242. # QEMU audio output since directly talking to alsa/pulseaudio may not work
243. # with various security settings. If you know what you're doing, enable
244. # the setting below and libvirt will passthrough the QEMU_AUDIO_DRV
245. # environment variable when using nographics.
246. #
247. #nographics_allow_host_audio = 1
248.  
249.  
250. # Override the port for creating both VNC and SPICE sessions (min).
251. # This defaults to 5900 and increases for consecutive sessions
252. # or when ports are occupied, until it hits the maximum.
253. #
254. # Minimum must be greater than or equal to 5900 as lower number would
255. # result into negative vnc display number.
256. #
257. # Maximum must be less than 65536, because higher numbers do not make
258. # sense as a port number.
259. #
260. #remote_display_port_min = 5900
261. #remote_display_port_max = 65535
262.  
263. # VNC WebSocket port policies, same rules apply as with remote display
264. # ports. VNC WebSockets use similar display <-> port mappings, with
265. # the exception being that ports start from 5700 instead of 5900.
266. #
267. #remote_websocket_port_min = 5700
268. #remote_websocket_port_max = 65535
269.  
270. # The default security driver is SELinux. If SELinux is disabled
271. # on the host, then the security driver will automatically disable
272. # itself. If you wish to disable QEMU SELinux security driver while
273. # leaving SELinux enabled for the host in general, then set this
274. # to 'none' instead. It's also possible to use more than one security
275. # driver at the same time, for this use a list of names separated by
276. # comma and delimited by square brackets. For example:
277. #
278. # security_driver = [ "selinux", "apparmor" ]
279. #
280. # Notes: The DAC security driver is always enabled; as a result, the
281. # value of security_driver cannot contain "dac". The value "none" is
282. # a special value; security_driver can be set to that value in
283. # isolation, but it cannot appear in a list of drivers.
284. #
285. #security_driver = "selinux"
286.  
287. # If set to non-zero, then the default security labeling
288. # will make guests confined. If set to zero, then guests
289. # will be unconfined by default. Defaults to 1.
290. #security_default_confined = 1
291.  
292. # If set to non-zero, then attempts to create unconfined
293. # guests will be blocked. Defaults to 0.
294. #security_require_confined = 1
295.  
296. # The user for QEMU processes run by the system instance. It can be
297. # specified as a user name or as a user id. The qemu driver will try to
298. # parse this value first as a name and then, if the name doesn't exist,
299. # as a user id.
300. #
301. # Since a sequence of digits is a valid user name, a leading plus sign
302. # can be used to ensure that a user id will not be interpreted as a user
303. # name.
304. #
305. # Some examples of valid values are:
306. #
307. # user = "qemu" # A user named "qemu"
308. # user = "+0" # Super user (uid=0)
309. # user = "100" # A user named "100" or a user with uid=100
310. #
311. #user = "root"
312.  
313. # The group for QEMU processes run by the system instance. It can be
314. # specified in a similar way to user.
315. #group = "root"
316.  
317. # Whether libvirt should dynamically change file ownership
318. # to match the configured user/group above. Defaults to 1.
319. # Set to 0 to disable file ownership changes.
320. #dynamic_ownership = 1
321.  
322.  
323. # What cgroup controllers to make use of with QEMU guests
324. #
325. # - 'cpu' - use for schedular tunables
326. # - 'devices' - use for device whitelisting
327. # - 'memory' - use for memory tunables
328. # - 'blkio' - use for block devices I/O tunables
329. # - 'cpuset' - use for CPUs and memory nodes
330. # - 'cpuacct' - use for CPUs statistics.
331. #
332. # NB, even if configured here, they won't be used unless
333. # the administrator has mounted cgroups, e.g.:
334. #
335. # mkdir /dev/cgroup
336. # mount -t cgroup -o devices,cpu,memory,blkio,cpuset none /dev/cgroup
337. #
338. # They can be mounted anywhere, and different controllers
339. # can be mounted in different locations. libvirt will detect
340. # where they are located.
341. #
342. #cgroup_controllers = [ "cpu", "devices", "memory", "blkio", "cpuset", "cpuacct" ]
343.  
344. # This is the basic set of devices allowed / required by
345. # all virtual machines.
346. #
347. # As well as this, any configured block backed disks,
348. # all sound device, and all PTY devices are allowed.
349. #
350. # This will only need setting if newer QEMU suddenly
351. # wants some device we don't already know about.
352. #
353. #cgroup_device_acl = [
354. # "/dev/null", "/dev/full", "/dev/zero",
355. # "/dev/random", "/dev/urandom",
356. # "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
357. # "/dev/rtc","/dev/hpet", "/dev/vfio/vfio"
358. #]
359. #
360. # RDMA migration requires the following extra files to be added to the list:
361. # "/dev/infiniband/rdma_cm",
362. # "/dev/infiniband/issm0",
363. # "/dev/infiniband/issm1",
364. # "/dev/infiniband/umad0",
365. # "/dev/infiniband/umad1",
366. # "/dev/infiniband/uverbs0"
367.  
368.  
369. # The default format for Qemu/KVM guest save images is raw; that is, the
370. # memory from the domain is dumped out directly to a file. If you have
371. # guests with a large amount of memory, however, this can take up quite
372. # a bit of space. If you would like to compress the images while they
373. # are being saved to disk, you can also set "lzop", "gzip", "bzip2", or "xz"
374. # for save_image_format. Note that this means you slow down the process of
375. # saving a domain in order to save disk space; the list above is in descending
376. # order by performance and ascending order by compression ratio.
377. #
378. # save_image_format is used when you use 'virsh save' or 'virsh managedsave'
379. # at scheduled saving, and it is an error if the specified save_image_format
380. # is not valid, or the requested compression program can't be found.
381. #
382. # dump_image_format is used when you use 'virsh dump' at emergency
383. # crashdump, and if the specified dump_image_format is not valid, or
384. # the requested compression program can't be found, this falls
385. # back to "raw" compression.
386. #
387. # snapshot_image_format specifies the compression algorithm of the memory save
388. # image when an external snapshot of a domain is taken. This does not apply
389. # on disk image format. It is an error if the specified format isn't valid,
390. # or the requested compression program can't be found.
391. #
392. #save_image_format = "raw"
393. #dump_image_format = "raw"
394. #snapshot_image_format = "raw"
395.  
396. # When a domain is configured to be auto-dumped when libvirtd receives a
397. # watchdog event from qemu guest, libvirtd will save dump files in directory
398. # specified by auto_dump_path. Default value is /var/lib/libvirt/qemu/dump
399. #
400. #auto_dump_path = "/var/lib/libvirt/qemu/dump"
401.  
402. # When a domain is configured to be auto-dumped, enabling this flag
403. # has the same effect as using the VIR_DUMP_BYPASS_CACHE flag with the
404. # virDomainCoreDump API. That is, the system will avoid using the
405. # file system cache while writing the dump file, but may cause
406. # slower operation.
407. #
408. #auto_dump_bypass_cache = 0
409.  
410. # When a domain is configured to be auto-started, enabling this flag
411. # has the same effect as using the VIR_DOMAIN_START_BYPASS_CACHE flag
412. # with the virDomainCreateWithFlags API. That is, the system will
413. # avoid using the file system cache when restoring any managed state
414. # file, but may cause slower operation.
415. #
416. #auto_start_bypass_cache = 0
417.  
418. # If provided by the host and a hugetlbfs mount point is configured,
419. # a guest may request huge page backing. When this mount point is
420. # unspecified here, determination of a host mount point in /proc/mounts
421. # will be attempted. Specifying an explicit mount overrides detection
422. # of the same in /proc/mounts. Setting the mount point to "" will
423. # disable guest hugepage backing. If desired, multiple mount points can
424. # be specified at once, separated by comma and enclosed in square
425. # brackets, for example:
426. #
427. # hugetlbfs_mount = ["/dev/hugepages2M", "/dev/hugepages1G"]
428. #
429. # The size of huge page served by specific mount point is determined by
430. # libvirt at the daemon startup.
431. #
432. # NB, within these mount points, guests will create memory backing
433. # files in a location of $MOUNTPOINT/libvirt/qemu
434. #
435. #hugetlbfs_mount = "/dev/hugepages"
436.  
437.  
438. # Path to the setuid helper for creating tap devices. This executable
439. # is used to create <source type='bridge'> interfaces when libvirtd is
440. # running unprivileged. libvirt invokes the helper directly, instead
441. # of using "-netdev bridge", for security reasons.
442. #bridge_helper = "/usr/libexec/qemu-bridge-helper"
443.  
444.  
445.  
446. # If clear_emulator_capabilities is enabled, libvirt will drop all
447. # privileged capabilities of the QEmu/KVM emulator. This is enabled by
448. # default.
449. #
450. # Warning: Disabling this option means that a compromised guest can
451. # exploit the privileges and possibly do damage to the host.
452. #
453. #clear_emulator_capabilities = 1
454.  
455.  
456. # If enabled, libvirt will have QEMU set its process name to
457. # "qemu:VM_NAME", where VM_NAME is the name of the VM. The QEMU
458. # process will appear as "qemu:VM_NAME" in process listings and
459. # other system monitoring tools. By default, QEMU does not set
460. # its process title, so the complete QEMU command (emulator and
461. # its arguments) appear in process listings.
462. #
463. #set_process_name = 1
464.  
465.  
466. # If max_processes is set to a positive integer, libvirt will use
467. # it to set the maximum number of processes that can be run by qemu
468. # user. This can be used to override default value set by host OS.
469. # The same applies to max_files which sets the limit on the maximum
470. # number of opened files.
471. #
472. #max_processes = 0
473. #max_files = 0
474.  
475. # If max_core is set to a non-zero integer, then QEMU will be
476. # permitted to create core dumps when it crashes, provided its
477. # RAM size is smaller than the limit set.
478. #
479. # Be warned that the core dump will include a full copy of the
480. # guest RAM, if the 'dump_guest_core' setting has been enabled,
481. # or if the guest XML contains
482. #
483. # <memory dumpcore="on">...guest ram...</memory>
484. #
485. # If guest RAM is to be included, ensure the max_core limit
486. # is set to at least the size of the largest expected guest
487. # plus another 1GB for any QEMU host side memory mappings.
488. #
489. # As a special case it can be set to the string "unlimited" to
490. # to allow arbitrarily sized core dumps.
491. #
492. # By default the core dump size is set to 0 disabling all dumps
493. #
494. # Size is a positive integer specifying bytes or the
495. # string "unlimited"
496. #
497. #max_core = "unlimited"
498.  
499. # Determine if guest RAM is included in QEMU core dumps. By
500. # default guest RAM will be excluded if a new enough QEMU is
501. # present. Setting this to '1' will force guest RAM to always
502. # be included in QEMU core dumps.
503. #
504. # This setting will be ignored if the guest XML has set the
505. # dumpcore attribute on the <memory> element.
506. #
507. #dump_guest_core = 1
508.  
509. # mac_filter enables MAC addressed based filtering on bridge ports.
510. # This currently requires ebtables to be installed.
511. #
512. #mac_filter = 1
513.  
514.  
515. # By default, PCI devices below non-ACS switch are not allowed to be assigned
516. # to guests. By setting relaxed_acs_check to 1 such devices will be allowed to
517. # be assigned to guests.
518. #
519. #relaxed_acs_check = 1
520.  
521.  
522. # If allow_disk_format_probing is enabled, libvirt will probe disk
523. # images to attempt to identify their format, when not otherwise
524. # specified in the XML. This is disabled by default.
525. #
526. # WARNING: Enabling probing is a security hole in almost all
527. # deployments. It is strongly recommended that users update their
528. # guest XML <disk> elements to include <driver type='XXXX'/>
529. # elements instead of enabling this option.
530. #
531. #allow_disk_format_probing = 1
532.  
533.  
534. # In order to prevent accidentally starting two domains that
535. # share one writable disk, libvirt offers two approaches for
536. # locking files. The first one is sanlock, the other one,
537. # virtlockd, is then our own implementation. Accepted values
538. # are "sanlock" and "lockd".
539. #
540. #lock_manager = "lockd"
541.  
542.  
543.  
544. # Set limit of maximum APIs queued on one domain. All other APIs
545. # over this threshold will fail on acquiring job lock. Specially,
546. # setting to zero turns this feature off.
547. # Note, that job lock is per domain.
548. #
549. #max_queued = 0
550.  
551. ###################################################################
552. # Keepalive protocol:
553. # This allows qemu driver to detect broken connections to remote
554. # libvirtd during peer-to-peer migration. A keepalive message is
555. # sent to the daemon after keepalive_interval seconds of inactivity
556. # to check if the daemon is still responding; keepalive_count is a
557. # maximum number of keepalive messages that are allowed to be sent
558. # to the daemon without getting any response before the connection
559. # is considered broken. In other words, the connection is
560. # automatically closed approximately after
561. # keepalive_interval * (keepalive_count + 1) seconds since the last
562. # message received from the daemon. If keepalive_interval is set to
563. # -1, qemu driver will not send keepalive requests during
564. # peer-to-peer migration; however, the remote libvirtd can still
565. # send them and source libvirtd will send responses. When
566. # keepalive_count is set to 0, connections will be automatically
567. # closed after keepalive_interval seconds of inactivity without
568. # sending any keepalive messages.
569. #
570. #keepalive_interval = 5
571. #keepalive_count = 5
572.  
573.  
574.  
575. # Use seccomp syscall whitelisting in QEMU.
576. # 1 = on, 0 = off, -1 = use QEMU default
577. # Defaults to -1.
578. #
579. #seccomp_sandbox = 1
580.  
581.  
582. # Override the listen address for all incoming migrations. Defaults to
583. # 0.0.0.0, or :: if both host and qemu are capable of IPv6.
584. #migration_address = "0.0.0.0"
585.  
586.  
587. # The default hostname or IP address which will be used by a migration
588. # source for transferring migration data to this host. The migration
589. # source has to be able to resolve this hostname and connect to it so
590. # setting "localhost" will not work. By default, the host's configured
591. # hostname is used.
592. #migration_host = "host.example.com"
593.  
594.  
595. # Override the port range used for incoming migrations.
596. #
597. # Minimum must be greater than 0, however when QEMU is not running as root,
598. # setting the minimum to be lower than 1024 will not work.
599. #
600. # Maximum must not be greater than 65535.
601. #
602. #migration_port_min = 49152
603. #migration_port_max = 49215
604.  
605.  
606.  
607. # Timestamp QEMU's log messages (if QEMU supports it)
608. #
609. # Defaults to 1.
610. #
611. #log_timestamp = 0
612.  
613.  
614. # Location of master nvram file
615. #
616. # When a domain is configured to use UEFI instead of standard
617. # BIOS it may use a separate storage for UEFI variables. If
618. # that's the case libvirt creates the variable store per domain
619. # using this master file as image. Each UEFI firmware can,
620. # however, have different variables store. Therefore the nvram is
621. # a list of strings when a single item is in form of:
622. # ${PATH_TO_UEFI_FW}:${PATH_TO_UEFI_VARS}.
623. # Later, when libvirt creates per domain variable store, this list is
624. # searched for the master image. The UEFI firmware can be called
625. # differently for different guest architectures. For instance, it's OVMF
626. # for x86_64 and i686, but it's AAVMF for aarch64. The libvirt default
627. # follows this scheme.
628. #nvram = [
629. # "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd",
630. # "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd",
631. # "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd"
632. #]
633.  
634. # The backend to use for handling stdout/stderr output from
635. # QEMU processes.
636. #
637. # 'file': QEMU writes directly to a plain file. This is the
638. # historical default, but allows QEMU to inflict a
639. # denial of service attack on the host by exhausting
640. # filesystem space
641. #
642. # 'logd': QEMU writes to a pipe provided by virtlogd daemon.
643. # This is the current default, providing protection
644. # against denial of service by performing log file
645. # rollover when a size limit is hit.
646. #
647. #stdio_handler = "logd"
648.  
649. # Qemu gluster libgfapi log level, debug levels are 0-9, with 9 being the
650. # most verbose, and 0 representing no debugging output.
651. #
652. # The current logging levels defined in the gluster GFAPI are:
653. #
654. # 0 - None
655. # 1 - Emergency
656. # 2 - Alert
657. # 3 - Critical
658. # 4 - Error
659. # 5 - Warning
660. # 6 - Notice
661. # 7 - Info
662. # 8 - Debug
663. # 9 - Trace
664. #
665. # Defaults to 4
666. #
667. #gluster_debug_level = 9