On Wed, Jan 12, 2011 at 12:32:44PM -0500, Cole Robinson wrote:
> If vnc_auto_unix_socket is enabled, any VNC devices without a hardcoded
> listen or socket value will be setup to serve over a unix socket in
> /var/lib/libvirt/qemu/$vmname.vnc.
>
> We store the generated socket path in the transient VM definition at
> CLI build time.
>
> Signed-off-by: Cole Robinson <crobinso@xxxxxxxxxx>
> ---
> src/qemu/qemu.conf | 8 ++++++++
> src/qemu/qemu_command.c | 10 +++++++++-
> src/qemu/qemu_conf.c | 4 ++++
> src/qemu/qemu_conf.h | 1 +
> 4 files changed, 22 insertions(+), 1 deletions(-)
Also needs to change the 2 augeas data files in the
qemu directory.
> diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
> index ba41f80..ae6136f 100644
> --- a/src/qemu/qemu.conf
> +++ b/src/qemu/qemu.conf
> @@ -11,6 +11,14 @@
> #
> # vnc_listen = "0.0.0.0"
>
> +# Enable this option to have VNC served over an automatically created
> +# unix socket. This prevents unprivileged access from users on the
> +# host machine, though most VNC clients do not support it.
> +#
> +# This will only be enabled for VNC configurations that do not have
> +# a hardcoded 'listen' or 'socket' value.
> +#
> +# vnc_auto_unix_socket = 1
We likely need to indicate in here which of 'vnc_auto_unix_socket'
and 'vnc_listen' take priority if both are enabled, since they
are mutually exclusive. It looks like vnc_listen is totally
ignored, if auto_unix_socket is set.
> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
> index 8e86f43..5015935 100644
> --- a/src/qemu/qemu_command.c
> +++ b/src/qemu/qemu_command.c
> @@ -3512,7 +3512,15 @@ qemuBuildCommandLine(virConnectPtr conn,
> def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC) {
> virBuffer opt = VIR_BUFFER_INITIALIZER;
>
> - if (def->graphics[0]->data.vnc.socket) {
> + if (def->graphics[0]->data.vnc.socket ||
> + driver->vncAutoUnixSocket) {
> +
> + if (!def->graphics[0]->data.vnc.socket &&
> + virAsprintf(&def->graphics[0]->data.vnc.socket,
> + "%s/%s.vnc", driver->libDir, def->name) == -1) {
> + goto no_memory;
> + }
> +
> virBufferVSprintf(&opt, "unix:%s",
> def->graphics[0]->data.vnc.socket);
>
> diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
> index e1502dc..9f9e99e 100644
> --- a/src/qemu/qemu_conf.c
> +++ b/src/qemu/qemu_conf.c
> @@ -138,6 +138,10 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
> return -1; \
> }
>
> + p = virConfGetValue (conf, "vnc_auto_unix_socket");
> + CHECK_TYPE ("vnc_auto_unix_socket", VIR_CONF_LONG);
> + if (p) driver->vncAutoUnixSocket = p->l;
> +
> p = virConfGetValue (conf, "vnc_tls");
> CHECK_TYPE ("vnc_tls", VIR_CONF_LONG);
> if (p) driver->vncTLS = p->l;
> diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
> index 5a5748b..af1be2e 100644
> --- a/src/qemu/qemu_conf.h
> +++ b/src/qemu/qemu_conf.h
> @@ -82,6 +82,7 @@ struct qemud_driver {
> char *cacheDir;
> char *saveDir;
> char *snapshotDir;
> + unsigned int vncAutoUnixSocket : 1;
> unsigned int vncTLS : 1;
> unsigned int vncTLSx509verify : 1;
> unsigned int vncSASL : 1;
Regards,
Daniel
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list