On Wed, Feb 15, 2012 at 09:59:57AM -0500, Dave Allan wrote: > On Wed, Feb 15, 2012 at 10:08:24AM +0100, Christophe Fergeau wrote: > > On Tue, Feb 14, 2012 at 02:10:37PM -0700, Eric Blake wrote: > > > Meta-question - if the XML requests secure, but TLS is disabled, should > > > we instead be failing to start the domain with a complaint that we can't > > > honor the XML? > > > > Meta-non-answer, when a TLS port is set but TLS is disabled in the config > > file, it's silently ignored: > > What value does allowing TLS configuration in qemu.conf add? That > seems wrong to me because it creates the possibility of the kind of > ambiguity discovered here. Shouldn't the domain XML be the only > required statement of the user's intent? It enables you to turn on TLS for all guests, regardless of the domain XML configuration, which is a desirable policy control knob for a host level administrator to have. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list