>From a security pov copy and paste between the guest and the client is not always desirable. So we need to be able to enable/disable this. The best place to do this from an administration pov is on the hypervisor, so the qemu cmdline is getting a spice disable-copy-paste option, see bug 693645. Example qemu invocation: qemu -spice port=5932,disable-ticketing,disable-copy-paste https://bugzilla.redhat.com/show_bug.cgi?id=693661 --- docs/formatdomain.html.in | 9 ++++++ docs/schemas/domain.rng | 11 +++++++ src/conf/domain_conf.c | 31 +++++++++++++++++++- src/conf/domain_conf.h | 10 ++++++ src/qemu/qemu_command.c | 2 + .../qemuxml2argv-graphics-spice.args | 2 +- .../qemuxml2argv-graphics-spice.xml | 1 + 7 files changed, 64 insertions(+), 2 deletions(-) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 225e0c8..e1f4168 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -1838,6 +1838,7 @@ qemu-kvm -net nic,model=? /dev/null <channel name='record' mode='insecure'/> <image compression='auto_glz'/> <streaming mode='filter'/> + <clipboard copypaste='no'/> </graphics></pre> <p> Spice supports variable compression settings for audio, @@ -1862,6 +1863,14 @@ qemu-kvm -net nic,model=? /dev/null of <code>filter</code>, <code>all</code> or <code>off</code>, <span class="since">since 0.9.2</span>. </p> + <p> + Copy & Paste functionality (via Spice agent) is set + by the <code>clipboard</code> element. It is enabled by + default, and can be disabled by setting + the <code>copypaste</code> property + to <code>no</code>, <span class="since">since + 0.9.2</span>. + </> </dd> <dt><code>"rdp"</code></dt> <dd> diff --git a/docs/schemas/domain.rng b/docs/schemas/domain.rng index 0be0371..b71778b 100644 --- a/docs/schemas/domain.rng +++ b/docs/schemas/domain.rng @@ -1379,6 +1379,17 @@ <empty/> </element> </optional> + <optional> + <element name="clipboard"> + <attribute name="copypaste"> + <choice> + <value>yes</value> + <value>no</value> + </choice> + </attribute> + <empty/> + </element> + </optional> </interleave> </group> <group> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 0d9fef4..3a0de99 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -364,6 +364,12 @@ VIR_ENUM_IMPL(virDomainGraphicsSpiceStreamingMode, "all", "off"); +VIR_ENUM_IMPL(virDomainGraphicsSpiceClipboardCopypaste, + VIR_DOMAIN_GRAPHICS_SPICE_CLIPBOARD_COPYPASTE_LAST, + "default", + "yes", + "no"); + VIR_ENUM_IMPL(virDomainHostdevMode, VIR_DOMAIN_HOSTDEV_MODE_LAST, "subsystem", "capabilities") @@ -4284,6 +4290,26 @@ virDomainGraphicsDefParseXML(xmlNodePtr node, int flags) { VIR_FREE(mode); def->data.spice.streaming = modeVal; + } else if (xmlStrEqual(cur->name, BAD_CAST "clipboard")) { + const char *copypaste = virXMLPropString(cur, "copypaste"); + int copypasteVal; + + if (!copypaste) { + virDomainReportError(VIR_ERR_XML_ERROR, "%s", + _("spice clipboard missing copypaste")); + goto error; + } + + if ((copypasteVal = + virDomainGraphicsSpiceClipboardCopypasteTypeFromString(copypaste)) <= 0) { + virDomainReportError(VIR_ERR_INTERNAL_ERROR, + _("unknown copypaste value '%s'"), copypaste); + VIR_FREE(copypaste); + goto error; + } + VIR_FREE(copypaste); + + def->data.spice.copypaste = copypasteVal; } } cur = cur->next; @@ -9209,7 +9235,7 @@ virDomainGraphicsDefFormat(virBufferPtr buf, } if (!children && (def->data.spice.image || def->data.spice.jpeg || def->data.spice.zlib || def->data.spice.playback || - def->data.spice.streaming)) { + def->data.spice.streaming || def->data.spice.copypaste)) { virBufferAddLit(buf, ">\n"); children = 1; } @@ -9228,6 +9254,9 @@ virDomainGraphicsDefFormat(virBufferPtr buf, if (def->data.spice.streaming) virBufferAsprintf(buf, " <streaming mode='%s'/>\n", virDomainGraphicsSpiceStreamingModeTypeToString(def->data.spice.streaming)); + if (def->data.spice.copypaste) + virBufferAsprintf(buf, " <clipboard copypaste='%s'/>\n", + virDomainGraphicsSpiceClipboardCopypasteTypeToString(def->data.spice.copypaste)); } if (children) { diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 41c8136..3ef48d1 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -715,6 +715,14 @@ enum virDomainGraphicsSpiceStreamingMode { VIR_DOMAIN_GRAPHICS_SPICE_STREAMING_MODE_LAST }; +enum virDomainGraphicsSpiceClipboardCopypaste { + VIR_DOMAIN_GRAPHICS_SPICE_CLIPBOARD_COPYPASTE_DEFAULT = 0, + VIR_DOMAIN_GRAPHICS_SPICE_CLIPBOARD_COPYPASTE_YES, + VIR_DOMAIN_GRAPHICS_SPICE_CLIPBOARD_COPYPASTE_NO, + + VIR_DOMAIN_GRAPHICS_SPICE_CLIPBOARD_COPYPASTE_LAST +}; + typedef struct _virDomainGraphicsDef virDomainGraphicsDef; typedef virDomainGraphicsDef *virDomainGraphicsDefPtr; struct _virDomainGraphicsDef { @@ -757,6 +765,7 @@ struct _virDomainGraphicsDef { int zlib; int playback; int streaming; + int copypaste; } spice; } data; }; @@ -1553,6 +1562,7 @@ VIR_ENUM_DECL(virDomainGraphicsSpiceJpegCompression) VIR_ENUM_DECL(virDomainGraphicsSpiceZlibCompression) VIR_ENUM_DECL(virDomainGraphicsSpicePlaybackCompression) VIR_ENUM_DECL(virDomainGraphicsSpiceStreamingMode) +VIR_ENUM_DECL(virDomainGraphicsSpiceClipboardCopypaste) /* from libvirt.h */ VIR_ENUM_DECL(virDomainState) VIR_ENUM_DECL(virDomainNostateReason) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index ef2d002..f669dda 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -4043,6 +4043,8 @@ qemuBuildCommandLine(virConnectPtr conn, if (def->graphics[0]->data.spice.streaming) virBufferAsprintf(&opt, ",streaming-video=%s", virDomainGraphicsSpiceStreamingModeTypeToString(def->graphics[0]->data.spice.streaming)); + if (def->graphics[0]->data.spice.copypaste == VIR_DOMAIN_GRAPHICS_SPICE_CLIPBOARD_COPYPASTE_NO) + virBufferAddLit(&opt, ",disable-copy-paste"); virCommandAddArg(cmd, "-spice"); virCommandAddArgBuffer(cmd, &opt); diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.args b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.args index 084a100..c9fdb99 100644 --- a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.args +++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.args @@ -4,6 +4,6 @@ unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda \ /dev/HostVG/QEMUGuest1 -usb -spice port=5903,tls-port=5904,addr=127.0.0.1,\ x509-dir=/etc/pki/libvirt-spice,tls-channel=main,plaintext-channel=inputs,\ image-compression=auto_glz,jpeg-wan-compression=auto,zlib-glz-wan-compression=auto,\ -playback-compression=on,streaming-video=filter -vga \ +playback-compression=on,streaming-video=filter,disable-copy-paste -vga \ qxl -global qxl.vram_size=18874368 -device qxl,id=video1,vram_size=33554432,bus=pci.0,addr=0x4 \ -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.xml b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.xml index 0d3dd48..79780c6 100644 --- a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.xml +++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.xml @@ -29,6 +29,7 @@ <zlib compression='auto'/> <playback compression='on'/> <streaming mode='filter'/> + <clipboard copypaste='no'/> </graphics> <video> <model type='qxl' vram='18432' heads='1'/> -- 1.7.5.2 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list