Re: [PATCH v3 12/14] spice: introduce spice_auto_unix_socket config option

[Cole Robinson <crobinso@xxxxxxxxxx>]

On 05/12/2016 11:15 AM, Pavel Hrdina wrote:
> Signed-off-by: Pavel Hrdina <phrdina@xxxxxxxxxx>
> ---
>  src/qemu/libvirtd_qemu.aug                         |  1 +
>  src/qemu/qemu.conf                                 | 11 +++++++
>  src/qemu/qemu_conf.c                               |  1 +
>  src/qemu/qemu_conf.h                               |  1 +
>  src/qemu/qemu_process.c                            |  4 +++
>  src/qemu/test_libvirtd_qemu.aug.in                 |  1 +
>  ...emuxml2argv-graphics-spice-auto-socket-cfg.args | 20 +++++++++++++
>  ...qemuxml2argv-graphics-spice-auto-socket-cfg.xml | 30 +++++++++++++++++++
>  tests/qemuxml2argvtest.c                           |  5 ++++
>  ...muxml2xmlout-graphics-spice-auto-socket-cfg.xml | 35 ++++++++++++++++++++++
>  tests/qemuxml2xmltest.c                            |  4 +++
>  11 files changed, 113 insertions(+)
>  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-auto-socket-cfg.args
>  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-auto-socket-cfg.xml
>  create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-graphics-spice-auto-socket-cfg.xml
> 
> diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
> index b6f6dc4..8bc23ba 100644
> --- a/src/qemu/libvirtd_qemu.aug
> +++ b/src/qemu/libvirtd_qemu.aug
> @@ -37,6 +37,7 @@ module Libvirtd_qemu =
>     let spice_entry = str_entry "spice_listen"
>                   | bool_entry "spice_tls"
>                   | str_entry  "spice_tls_x509_cert_dir"
> +                 | bool_entry "spice_auto_unix_socket"
>                   | str_entry "spice_password"
>                   | bool_entry "spice_sasl"
>                   | str_entry "spice_sasl_dir"
> diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
> index 59c839e..4ac6fc9 100644
> --- a/src/qemu/qemu.conf
> +++ b/src/qemu/qemu.conf
> @@ -130,6 +130,17 @@
>  #spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice"
>  
>  
> +# Enable this option to have SPICE served over an automatically created
> +# unix socket. This prevents unprivileged access from users on the
> +# host machine, though most SPICE clients do not support it.
> +#
> +# This will only be enabled for SPICE configurations that have listen
> +# type=address but without any address specified. This setting takes
> +# preference over spice_listen.
> +#
> +#spice_auto_unix_socket = 1
> +
> +

Actually the comment about 'Most XXX clients' is wrong...
virt-viewer/spice-gtk as the most common spice client does support it :) I
think I made the same mistake in my old patch too

>  # The default SPICE password. This parameter is only used if the
>  # per-domain XML config does not already provide a password. To
>  # allow access without passwords, leave this commented out. An
> diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
> index e00ddca..d4c34c9 100644
> --- a/src/qemu/qemu_conf.c
> +++ b/src/qemu/qemu_conf.c
> @@ -588,6 +588,7 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
>      GET_VALUE_STR("spice_sasl_dir", cfg->spiceSASLdir);
>      GET_VALUE_STR("spice_listen", cfg->spiceListen);
>      GET_VALUE_STR("spice_password", cfg->spicePassword);
> +    GET_VALUE_BOOL("spice_auto_unix_socket", cfg->spiceAutoUnixSocket);
>  
>  
>      GET_VALUE_ULONG("remote_websocket_port_min", cfg->webSocketPortMin);
> diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
> index a714b84..c94bf13 100644
> --- a/src/qemu/qemu_conf.h
> +++ b/src/qemu/qemu_conf.h
> @@ -123,6 +123,7 @@ struct _virQEMUDriverConfig {
>      char *spiceSASLdir;
>      char *spiceListen;
>      char *spicePassword;
> +    bool spiceAutoUnixSocket;
>  
>      int remotePortMin;
>      int remotePortMax;
> diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
> index 21c2db2..05ddb32 100644
> --- a/src/qemu/qemu_process.c
> +++ b/src/qemu/qemu_process.c
> @@ -4438,7 +4438,11 @@ qemuProcessGraphicsListenGenerate(virDomainObjPtr vm,
>          break;
>  
>      case VIR_DOMAIN_GRAPHICS_TYPE_SPICE:
> +        if (cfg->spiceAutoUnixSocket) {
> +            autoSocket = true;
> +        } else {
>              listenAddr = cfg->spiceListen;
> +        }
>          break;
>  
>      case VIR_DOMAIN_GRAPHICS_TYPE_SDL:
> diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in
> index 8bec743..c4d4f19 100644
> --- a/src/qemu/test_libvirtd_qemu.aug.in
> +++ b/src/qemu/test_libvirtd_qemu.aug.in
> @@ -14,6 +14,7 @@ module Test_libvirtd_qemu =
>  { "spice_listen" = "0.0.0.0" }
>  { "spice_tls" = "1" }
>  { "spice_tls_x509_cert_dir" = "/etc/pki/libvirt-spice" }
> +{ "spice_auto_unix_socket" = "1" }
>  { "spice_password" = "XYZ12345" }
>  { "spice_sasl" = "1" }
>  { "spice_sasl_dir" = "/some/directory/sasl2" }
> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-auto-socket-cfg.args b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-auto-socket-cfg.args
> new file mode 100644
> index 0000000..61335b0
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-auto-socket-cfg.args
> @@ -0,0 +1,20 @@
> +LC_ALL=C \
> +PATH=/bin \
> +HOME=/home/test \
> +USER=test \
> +LOGNAME=test \
> +QEMU_AUDIO_DRV=spice \
> +/usr/bin/qemu \
> +-name QEMUGuest1 \
> +-S \
> +-M pc \
> +-m 214 \
> +-smp 1 \
> +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
> +-nodefaults \
> +-monitor unix:/tmp/lib/domain--1-QEMUGuest1/monitor.sock,server,nowait \
> +-no-acpi \
> +-boot c \
> +-usb \
> +-spice unix,addr=/tmp/lib/domain--1-QEMUGuest1/spice.sock \
> +-vga cirrus
> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-auto-socket-cfg.xml b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-auto-socket-cfg.xml
> new file mode 100644
> index 0000000..ff155c3
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-auto-socket-cfg.xml
> @@ -0,0 +1,30 @@
> +<domain type='qemu'>
> +  <name>QEMUGuest1</name>
> +  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
> +  <memory unit='KiB'>219100</memory>
> +  <currentMemory unit='KiB'>219100</currentMemory>
> +  <vcpu placement='static'>1</vcpu>
> +  <os>
> +    <type arch='i686' machine='pc'>hvm</type>
> +    <boot dev='hd'/>
> +  </os>
> +  <clock offset='utc'/>
> +  <on_poweroff>destroy</on_poweroff>
> +  <on_reboot>restart</on_reboot>
> +  <on_crash>destroy</on_crash>
> +  <devices>
> +    <emulator>/usr/bin/qemu</emulator>
> +    <controller type='usb' index='0'/>
> +    <controller type='ide' index='0'/>
> +    <controller type='pci' index='0' model='pci-root'/>
> +    <input type='mouse' bus='ps2'/>
> +    <input type='keyboard' bus='ps2'/>
> +    <graphics type='spice'>
> +      <listen type='socket' socket='/tmp/lib/domain-99-QEMUGuest1/delete.this.socket'/>
> +    </graphics>
> +    <video>
> +      <model type='cirrus' vram='16384' heads='1'/>
> +    </video>
> +    <memballoon model='none'/>
> +  </devices>
> +</domain>
> diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
> index a3651c9..f046060 100644
> --- a/tests/qemuxml2argvtest.c
> +++ b/tests/qemuxml2argvtest.c
> @@ -950,6 +950,11 @@ mymain(void)
>      DO_TEST("graphics-spice-auto-socket",
>              QEMU_CAPS_SPICE,
>              QEMU_CAPS_SPICE_UNIX);
> +    driver.config->spiceAutoUnixSocket = true;
> +    DO_TEST("graphics-spice-auto-socket-cfg",
> +            QEMU_CAPS_SPICE,
> +            QEMU_CAPS_SPICE_UNIX);
> +    driver.config->spiceAutoUnixSocket = false;
>  
>      DO_TEST("input-usbmouse", NONE);
>      DO_TEST("input-usbtablet", NONE);
> diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-graphics-spice-auto-socket-cfg.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-graphics-spice-auto-socket-cfg.xml
> new file mode 100644
> index 0000000..931ec0f
> --- /dev/null
> +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-graphics-spice-auto-socket-cfg.xml
> @@ -0,0 +1,35 @@
> +<domain type='qemu'>
> +  <name>QEMUGuest1</name>
> +  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
> +  <memory unit='KiB'>219100</memory>
> +  <currentMemory unit='KiB'>219100</currentMemory>
> +  <vcpu placement='static'>1</vcpu>
> +  <os>
> +    <type arch='i686' machine='pc'>hvm</type>
> +    <boot dev='hd'/>
> +  </os>
> +  <clock offset='utc'/>
> +  <on_poweroff>destroy</on_poweroff>
> +  <on_reboot>restart</on_reboot>
> +  <on_crash>destroy</on_crash>
> +  <devices>
> +    <emulator>/usr/bin/qemu</emulator>
> +    <controller type='usb' index='0'>
> +      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
> +    </controller>
> +    <controller type='ide' index='0'>
> +      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
> +    </controller>
> +    <controller type='pci' index='0' model='pci-root'/>
> +    <input type='mouse' bus='ps2'/>
> +    <input type='keyboard' bus='ps2'/>
> +    <graphics type='spice'>
> +      <listen type='socket'/>
> +    </graphics>
> +    <video>
> +      <model type='cirrus' vram='16384' heads='1' primary='yes'/>
> +      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
> +    </video>
> +    <memballoon model='none'/>
> +  </devices>
> +</domain>
> diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
> index 49bf557..9db7ddd 100644
> --- a/tests/qemuxml2xmltest.c
> +++ b/tests/qemuxml2xmltest.c
> @@ -449,6 +449,10 @@ mymain(void)
>      DO_TEST("graphics-spice-qxl-vga");
>      DO_TEST("graphics-spice-socket");
>      DO_TEST("graphics-spice-auto-socket");
> +    cfg->spiceAutoUnixSocket = true;
> +    DO_TEST_FULL("graphics-spice-auto-socket-cfg", WHEN_INACTIVE, NONE);
> +    cfg->spiceAutoUnixSocket = false;
> +
>      DO_TEST("nographics-vga");
>      DO_TEST("input-usbmouse");
>      DO_TEST("input-usbtablet");
> 

This should also be testing that <graphics type='spice'/> fills in a socket
value as well, we shouldn't only be testing the bare <listen type='socket'/> case

- Cole

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list