doc: Fix doc and clarify how to use libvirt as unprivileged user.

* doc/guix.texi (Virtualization Services): Document the necessity of being
part of the "libvirt" group and augment example.  Remove extraneous
"(unix-sock-group "libvirt")" from example, as this is now the default value.
Update default documented value from "root" to "libvirt".

Fixes: https://issues.guix.gnu.org/34611
Reported-by: Brett Gilio <brettg@posteo.net>
Change-Id: I5fe17706f69db55fbd661e0a43115c56d0ffd9a9

1 files changed, 11 insertions, 4 deletions

diff --git a/doc/guix.texi b/doc/guix.texi
index bc04bb8150..3002cdfa13 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -35174,17 +35174,24 @@ services.
 @subsubheading Libvirt daemon
 
 @code{libvirtd} is the server side daemon component of the libvirt
-virtualization management system.  This daemon runs on host servers
-and performs required management tasks for virtualized guests.
+virtualization management system.  This daemon runs on host servers and
+performs required management tasks for virtualized guests.  To connect
+to the libvirt daemon as an unprivileged user, it must be added to the
+@samp{libvirt} group, as shown in the example below.
 
 @defvar libvirt-service-type
 This is the type of the @uref{https://libvirt.org, libvirt daemon}.
 Its value must be a @code{libvirt-configuration}.
 
 @lisp
+(users (cons (user-account
+              (name "user")
+              (group "users")
+              (supplementary-groups '("libvirt"
+                                      "audio" "video" "wheel")))
+             %base-user-accounts))
 (service libvirt-service-type
          (libvirt-configuration
-          (unix-sock-group "libvirt")
           (tls-port "16555")))
 @end lisp
 @end defvar
@@ -35266,7 +35273,7 @@ UNIX domain socket group ownership.  This can be used to allow a
 'trusted' set of users access to management capabilities without
 becoming root.
 
-Defaults to @samp{"root"}.
+Defaults to @samp{"libvirt"}.
 
 @end deftypevr