On Tue, Jun 28, 2016 at 02:45:15PM +0200, Jiri Denemark wrote: > Setting an empty vnc_password in qemu.conf is documented as a way to > disable VNC access, but QEMU does not seem to behave like that. Let's > enforce the behavior by setting password expiration to "now". Hmm, i wonder when they regressed that behaviour *again*. We've fixed that in QEMU at least twice in the past. I'd like to see us explore when this changed in QEMU and whehter we should fix it there instead. Also, this is probably classified as needing a CVE, since previous regressions in this area were recorded security issues IIRC. Which again means we need to investigate just when this behavioural change happened. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list