On 01/14/2011 09:26 AM, Cole Robinson wrote:
> On 01/13/2011 08:21 AM, Daniel P. Berrange wrote:
>> On Wed, Jan 12, 2011 at 12:32:44PM -0500, Cole Robinson wrote:
>>> If vnc_auto_unix_socket is enabled, any VNC devices without a hardcoded
>>> listen or socket value will be setup to serve over a unix socket in
>>> /var/lib/libvirt/qemu/$vmname.vnc.
>>>
>>> We store the generated socket path in the transient VM definition at
>>> CLI build time.
>>>
>>> Signed-off-by: Cole Robinson <crobinso@xxxxxxxxxx>
>>> ---
>>> src/qemu/qemu.conf | 8 ++++++++
>>> src/qemu/qemu_command.c | 10 +++++++++-
>>> src/qemu/qemu_conf.c | 4 ++++
>>> src/qemu/qemu_conf.h | 1 +
>>> 4 files changed, 22 insertions(+), 1 deletions(-)
>>
>> Also needs to change the 2 augeas data files in the
>> qemu directory.
>>
>>> diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
>>> index ba41f80..ae6136f 100644
>>> --- a/src/qemu/qemu.conf
>>> +++ b/src/qemu/qemu.conf
>>> @@ -11,6 +11,14 @@
>>> #
>>> # vnc_listen = "0.0.0.0"
>>>
>>> +# Enable this option to have VNC served over an automatically created
>>> +# unix socket. This prevents unprivileged access from users on the
>>> +# host machine, though most VNC clients do not support it.
>>> +#
>>> +# This will only be enabled for VNC configurations that do not have
>>> +# a hardcoded 'listen' or 'socket' value.
>>> +#
>>> +# vnc_auto_unix_socket = 1
>>
>> We likely need to indicate in here which of 'vnc_auto_unix_socket'
>> and 'vnc_listen' take priority if both are enabled, since they
>> are mutually exclusive. It looks like vnc_listen is totally
>> ignored, if auto_unix_socket is set.
>>
>>> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
>>> index 8e86f43..5015935 100644
>>> --- a/src/qemu/qemu_command.c
>>> +++ b/src/qemu/qemu_command.c 
>>> @@ -3512,7 +3512,15 @@ qemuBuildCommandLine(virConnectPtr conn,
>>> def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC) {
>>> virBuffer opt = VIR_BUFFER_INITIALIZER;
>>>
>>> - if (def->graphics[0]->data.vnc.socket) {
>>> + if (def->graphics[0]->data.vnc.socket ||
>>> + driver->vncAutoUnixSocket) {
>>> +
>>> + if (!def->graphics[0]->data.vnc.socket &&
>>> + virAsprintf(&def->graphics[0]->data.vnc.socket,
>>> + "%s/%s.vnc", driver->libDir, def->name) == -1) {
>>> + goto no_memory;
>>> + }
>>> +
>>> virBufferVSprintf(&opt, "unix:%s",
>>> def->graphics[0]->data.vnc.socket);
>>>
>>> diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
>>> index e1502dc..9f9e99e 100644
>>> --- a/src/qemu/qemu_conf.c
>>> +++ b/src/qemu/qemu_conf.c
>>> @@ -138,6 +138,10 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
>>> return -1; \
>>> }
>>>
>>> + p = virConfGetValue (conf, "vnc_auto_unix_socket");
>>> + CHECK_TYPE ("vnc_auto_unix_socket", VIR_CONF_LONG);
>>> + if (p) driver->vncAutoUnixSocket = p->l;
>>> +
>>> p = virConfGetValue (conf, "vnc_tls");
>>> CHECK_TYPE ("vnc_tls", VIR_CONF_LONG);
>>> if (p) driver->vncTLS = p->l;
>>> diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
>>> index 5a5748b..af1be2e 100644
>>> --- a/src/qemu/qemu_conf.h
>>> +++ b/src/qemu/qemu_conf.h
>>> @@ -82,6 +82,7 @@ struct qemud_driver {
>>> char *cacheDir;
>>> char *saveDir;
>>> char *snapshotDir;
>>> + unsigned int vncAutoUnixSocket : 1;
>>> unsigned int vncTLS : 1;
>>> unsigned int vncTLSx509verify : 1;
>>> unsigned int vncSASL : 1;
>>
>
> Here's the diff:
>
> diff --git a/daemon/test_libvirtd.aug b/daemon/test_libvirtd.aug
> index 5f8b644..31fa643 100644
> --- a/daemon/test_libvirtd.aug
> +++ b/daemon/test_libvirtd.aug
> @@ -271,6 +271,9 @@ log_filters=\"a\"
>
> # Auditing:
> audit_level = 2
> +
> +# VNC socket
> +vnc_auto_unix_socket = 1
> "
>
> test Libvirtd.lns get conf = 
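Review bot: The new condition `def->graphics[0]->data.vnc.socket || driver->vncAutoUnixSocket` never looks at the domain's listen address, so with the option set a guest that has an explicit VNC listen value is also moved to the generated unix socket, which contradicts the qemu.conf text saying such configurations are left alone. Unless that case is filtered outside this hunk, the second operand should be narrowed, e.g. `(driver->vncAutoUnixSocket && !def->graphics[0]->data.vnc.listenAddr)` (the listen field is not visible here, so confirm its name). The path is built from `def->name` without any check in the visible lines, so it is worth confirming that a domain name cannot contain `/` and that `libDir` plus the name fits in a unix socket address, and failing with a clear error otherwise. qemuBuildCommandLine starts and ends outside the hunk.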
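Review bot: `driver->vncAutoUnixSocket = p->l;` stores a long into the 1-bit field added in qemu_conf.h, so only the low bit survives and `vnc_auto_unix_socket = 2` silently leaves the feature off, with VNC staying on the TCP listener. Normalising the value, `if (p) driver->vncAutoUnixSocket = p->l != 0;`, makes any non-zero setting enable it. The neighbouring `vnc_tls` assignment has the same shape, and qemudLoadDriverConfig continues outside the hunk.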
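Review bot: The input text added in this hunk is `# VNC socket`, but the expected tree added in the second hunk of this file is `{ "#comment" = "VNC socket:" }` with a trailing colon, so the `test Libvirtd.lns get conf` comparison looks like it will fail; one side should change, e.g. `+# VNC socket:`. This fixture exercises `Libvirtd.lns`, while the option is read from qemu.conf by qemudLoadDriverConfig, so the qemu lens and its test appear to be where the new key needs to be accepted. The test string begins and ends outside the hunk.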
> @@ -549,3 +552,6 @@ audit_level = 2
> { "#empty" }
> { "#comment" = "Auditing:" }
> { "audit_level" = "2" }
> + { "#empty" }
> + { "#comment" = "VNC socket:" }
> + { "vnc_auto_unix_socket" = "1" }
> diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
> index ae6136f..66310d4 100644
> --- a/src/qemu/qemu.conf
> +++ b/src/qemu/qemu.conf
> @@ -16,7 +16,8 @@
> # host machine, though most VNC clients do not support it.
> #
> # This will only be enabled for VNC configurations that do not have
> -# a hardcoded 'listen' or 'socket' value.
> +# a hardcoded 'listen' or 'socket' value. This setting takes preference
> +# over vnc_listen.
> #
> # vnc_auto_unix_socket = 1
>
>
> Anyone have a preference over 'socket' for the XML attribute, or should
> I just push?
>
I've pushed this series now (though I forgot to squash in the above diff, so it was pushed as a separate commit. Sorry :( ) - Cole -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list