Setting an empty vnc_password in qemu.conf is documented as a way to disable VNC access, but QEMU does not seem to behave like that. Let's enforce the behavior by setting password expiration to "now". Note, this has no effect on setting an empty //graphics@passwd in domain XML. Users may use //graphics@passwdValidTo to enforce the same behavior. https://bugzilla.redhat.com/show_bug.cgi?id=1180092 Signed-off-by: Jiri Denemark <jdenemar@xxxxxxxxxx> --- src/qemu/qemu_hotplug.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index e0b8230..91f48dc 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -3970,6 +3970,8 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver, snprintf(expire_time, sizeof(expire_time), "now"); else snprintf(expire_time, sizeof(expire_time), "%lu", (long unsigned)auth->validTo); + } else if (!auth->passwd && defaultPasswd && defaultPasswd[0] == '\0') { + snprintf(expire_time, sizeof(expire_time), "now"); } else { snprintf(expire_time, sizeof(expire_time), "never"); } -- 2.9.0 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list