# vmsigd.conf — vmsig management daemon configuration.
# Installed as a dpkg conffile (operator edits are preserved across upgrades).

# Control listener the consumer dials. '@' prefix => abstract namespace.
socket   = /run/vmsig/vmsigd.sock

# Discovery namespace: a VM is managed iff its guest-RAM backing file appears here as
# vm-<vmid>-ram. The daemon owns this directory (created at boot via tmpfiles).
watch    = /dev/shm/vmsig

# Inventory source of truth (read on demand; not watched) and the QMP socket directory.
pve_conf = /etc/pve/qemu-server
qmp_dir  = /var/run/qemu-server

# vmid<->endpoint slot persistence (tmpfs; re-derived per daemon restart). "" => off.
slots    = /dev/shm/vmsig/.slots

# ---- Admission policy: one [grant uid=N] stanza per local uid. -----------------------
# Entitlements are COARSE (the control enforces per-user caps behind the grant). `vmids`
# is either `*` (all VMs) or a list of vmids; it is translated to endpoint bits at connect
# time. `caps` is a comma list of: observe,input,lifecycle,power,vm,memctx,memwrite,roster.
#
# Example (edit before enabling the service):
# [grant uid=0]
# vmids    = *
# caps     = observe,input,lifecycle,power,vm,memctx,memwrite,roster
# arb_prio = 100