Looking for documentation libvirt required ACLs for storage and related

Have been tussling with this on/off for about a year now, finally want to put this to rest.

For the longest time, I’ve never wanted to use the default storage pool/location (/var/lib/libvirt/images.

The problem is that if I either change or add a new storage location in a subdirectory of /home I run into a variety of anomalies, inconsistent in that it might work one day but not the next. I only <suspect> this may have something to do with the fact there are two different “Create VM” apps (eg from the KDE System menu, a different one with “chrome windows” launched from virt-manager) but although the first method launching from the KDE menu only works intermittently,the second never works with non-default storage.

Cloning is affected the worst. At the moment, it’s greyed out using all GUI tools, curiously, I can still clone using the command line (virt-clone).

Also from the following you can see that these disk files which have largely been created with libvirt have different file permissions. Note the qemu/qemu file was created by cloning using the CLI.

# ls -l
total 41783012
-rw-r--r-- 1 root root        1243 Nov 22 07:33 Cloudstack_opensuse12.2.orig.xml
-rwxr-xr-x 1 qemu qemu  8589934592 Jan 22 17:49 disk0_cloudstack-clone.raw
-rwxr-xr-x 1 root root  8589934592 Jan 19 13:25 disk0_cloudstack.raw
-rwxr-xr-x 1 root root  8589934592 Jan 22 16:58 disk0_openstack2.raw
-rwxr-xr-x 1 root root  8589934592 Jan 22 15:14 disk0_openstack.raw
-rwxr-xr-x 1 root root  8589934592 Nov 21 10:11 disk0.raw
-rw------- 1 root root  8589934592 Jan 22 09:38 disk0_server.raw
-rw------- 1 root root  8589934592 Dec 29 16:59 disk1.raw
-rw------- 1 root root  8589934592 Nov 21 11:12 disk1_server2.raw
-rw------- 1 root root  8589934592 Nov 21 13:07 disk_desktop.raw
-rwxr-xr-x 1 root root  8589934592 Nov 21 10:36 disk_server.raw
-rw-r--r-- 1 root root        1275 Nov 21 11:32 opensuse12-2DesktopBase.orig.xml
-rw-r--r-- 1 root root        1239 Nov 21 16:51 opensuse12.2_serverbase.orig.xml
-rw-r--r-- 1 root root        1263 Nov 21 11:04 opensuse12.orig.xml
-rw-r--r-- 1 root root        1228 Nov 21 16:19 opensuseDesktop12-2.orig.xml

So, at the moment it’s obvious there is a lot to chew on, but I really need <technical documentation> to understand how libvirt uses ACLs to configure storage pools/directories and although virt-install and virt-manager are supposed to be running with root permissions there seems to be more happening than what is obvious.