On 06/28/2016 09:28 AM, Daniel P. Berrange wrote: > On Tue, Jun 28, 2016 at 02:45:15PM +0200, Jiri Denemark wrote: >> Setting an empty vnc_password in qemu.conf is documented as a way to >> disable VNC access, but QEMU does not seem to behave like that. Let's >> enforce the behavior by setting password expiration to "now". > > Hmm, i wonder when they regressed that behaviour *again*. We've fixed > that in QEMU at least twice in the past. I'd like to see us explore > when this changed in QEMU and whehter we should fix it there instead. > I did some digging on this recently, see my findings here: https://bugzilla.redhat.com/show_bug.cgi?id=1180092#c5 The issue is that there's two different monitor commands at play here, and the set_password one we presently use has never had the semantics we advertise in qemu.conf, so I'm guessing something like Jiri's patch will be needed regardless - Cole -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list