[PATCH v5 4/6] spice: introduce spice_auto_unix_socket config option

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Signed-off-by: Pavel Hrdina <phrdina@xxxxxxxxxx>
---
 src/qemu/libvirtd_qemu.aug                         |  1 +
 src/qemu/qemu.conf                                 | 11 +++++++
 src/qemu/qemu_conf.c                               |  1 +
 src/qemu/qemu_conf.h                               |  1 +
 src/qemu/qemu_process.c                            |  1 +
 src/qemu/test_libvirtd_qemu.aug.in                 |  1 +
 ...emuxml2argv-graphics-spice-auto-socket-cfg.args | 20 +++++++++++++
 ...qemuxml2argv-graphics-spice-auto-socket-cfg.xml | 30 +++++++++++++++++++
 tests/qemuxml2argvtest.c                           |  5 ++++
 ...muxml2xmlout-graphics-spice-auto-socket-cfg.xml | 35 ++++++++++++++++++++++
 tests/qemuxml2xmltest.c                            |  4 +++
 11 files changed, 110 insertions(+)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-auto-socket-cfg.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-auto-socket-cfg.xml
 create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-graphics-spice-auto-socket-cfg.xml

diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index b6f6dc4..8bc23ba 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -37,6 +37,7 @@ module Libvirtd_qemu =
    let spice_entry = str_entry "spice_listen"
                  | bool_entry "spice_tls"
                  | str_entry  "spice_tls_x509_cert_dir"
+                 | bool_entry "spice_auto_unix_socket"
                  | str_entry "spice_password"
                  | bool_entry "spice_sasl"
                  | str_entry "spice_sasl_dir"
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 59c839e..7964273 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -130,6 +130,17 @@
 #spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice"
 
 
+# Enable this option to have SPICE served over an automatically created
+# unix socket. This prevents unprivileged access from users on the
+# host machine.
+#
+# This will only be enabled for SPICE configurations that have listen
+# type=address but without any address specified. This setting takes
+# preference over spice_listen.
+#
+#spice_auto_unix_socket = 1
+
+
 # The default SPICE password. This parameter is only used if the
 # per-domain XML config does not already provide a password. To
 # allow access without passwords, leave this commented out. An
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index e00ddca..d4c34c9 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -588,6 +588,7 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
     GET_VALUE_STR("spice_sasl_dir", cfg->spiceSASLdir);
     GET_VALUE_STR("spice_listen", cfg->spiceListen);
     GET_VALUE_STR("spice_password", cfg->spicePassword);
+    GET_VALUE_BOOL("spice_auto_unix_socket", cfg->spiceAutoUnixSocket);
 
 
     GET_VALUE_ULONG("remote_websocket_port_min", cfg->webSocketPortMin);
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index a714b84..c94bf13 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -123,6 +123,7 @@ struct _virQEMUDriverConfig {
     char *spiceSASLdir;
     char *spiceListen;
     char *spicePassword;
+    bool spiceAutoUnixSocket;
 
     int remotePortMin;
     int remotePortMax;
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 3389174..f74226d 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -4032,6 +4032,7 @@ qemuProcessGraphicsSetupListen(virQEMUDriverConfigPtr cfg,
         break;
 
     case VIR_DOMAIN_GRAPHICS_TYPE_SPICE:
+        useSocket = cfg->spiceAutoUnixSocket;
         listenAddr = cfg->spiceListen;
         break;
 
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in
index 8bec743..c4d4f19 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -14,6 +14,7 @@ module Test_libvirtd_qemu =
 { "spice_listen" = "0.0.0.0" }
 { "spice_tls" = "1" }
 { "spice_tls_x509_cert_dir" = "/etc/pki/libvirt-spice" }
+{ "spice_auto_unix_socket" = "1" }
 { "spice_password" = "XYZ12345" }
 { "spice_sasl" = "1" }
 { "spice_sasl_dir" = "/some/directory/sasl2" }
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-auto-socket-cfg.args b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-auto-socket-cfg.args
new file mode 100644
index 0000000..61335b0
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-auto-socket-cfg.args
@@ -0,0 +1,20 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/home/test \
+USER=test \
+LOGNAME=test \
+QEMU_AUDIO_DRV=spice \
+/usr/bin/qemu \
+-name QEMUGuest1 \
+-S \
+-M pc \
+-m 214 \
+-smp 1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-nodefaults \
+-monitor unix:/tmp/lib/domain--1-QEMUGuest1/monitor.sock,server,nowait \
+-no-acpi \
+-boot c \
+-usb \
+-spice unix,addr=/tmp/lib/domain--1-QEMUGuest1/spice.sock \
+-vga cirrus
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-auto-socket-cfg.xml b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-auto-socket-cfg.xml
new file mode 100644
index 0000000..f2e3d12
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-auto-socket-cfg.xml
@@ -0,0 +1,30 @@
+<domain type='qemu'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit='KiB'>219100</memory>
+  <currentMemory unit='KiB'>219100</currentMemory>
+  <vcpu placement='static'>1</vcpu>
+  <os>
+    <type arch='i686' machine='pc'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu</emulator>
+    <controller type='usb' index='0'/>
+    <controller type='ide' index='0'/>
+    <controller type='pci' index='0' model='pci-root'/>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <graphics type='spice' autoport='yes'>
+      <listen type='address'/>
+    </graphics>
+    <video>
+      <model type='cirrus' vram='16384' heads='1'/>
+    </video>
+    <memballoon model='none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 980ed2c..a2920df 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -972,6 +972,11 @@ mymain(void)
     DO_TEST("graphics-spice-auto-socket",
             QEMU_CAPS_SPICE,
             QEMU_CAPS_SPICE_UNIX);
+    driver.config->spiceAutoUnixSocket = true;
+    DO_TEST("graphics-spice-auto-socket-cfg",
+            QEMU_CAPS_SPICE,
+            QEMU_CAPS_SPICE_UNIX);
+    driver.config->spiceAutoUnixSocket = false;
 
     DO_TEST("input-usbmouse", NONE);
     DO_TEST("input-usbtablet", NONE);
diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-graphics-spice-auto-socket-cfg.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-graphics-spice-auto-socket-cfg.xml
new file mode 100644
index 0000000..7548184
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-graphics-spice-auto-socket-cfg.xml
@@ -0,0 +1,35 @@
+<domain type='qemu'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit='KiB'>219100</memory>
+  <currentMemory unit='KiB'>219100</currentMemory>
+  <vcpu placement='static'>1</vcpu>
+  <os>
+    <type arch='i686' machine='pc'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu</emulator>
+    <controller type='usb' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+    </controller>
+    <controller type='ide' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
+    </controller>
+    <controller type='pci' index='0' model='pci-root'/>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <graphics type='spice' autoport='yes'>
+      <listen type='address'/>
+    </graphics>
+    <video>
+      <model type='cirrus' vram='16384' heads='1' primary='yes'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
+    </video>
+    <memballoon model='none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index 87fbb0a..49c1d43 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -444,6 +444,10 @@ mymain(void)
     DO_TEST("graphics-spice-qxl-vga");
     DO_TEST("graphics-spice-socket");
     DO_TEST("graphics-spice-auto-socket");
+    cfg->spiceAutoUnixSocket = true;
+    DO_TEST("graphics-spice-auto-socket-cfg");
+    cfg->spiceAutoUnixSocket = false;
+
     DO_TEST("nographics-vga");
     DO_TEST("input-usbmouse");
     DO_TEST("input-usbtablet");
-- 
2.8.3

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]