On 02/15/2012 09:36 AM, Christophe Fergeau wrote: > On Wed, Feb 15, 2012 at 03:10:47PM +0000, Daniel P. Berrange wrote: >> It enables you to turn on TLS for all guests, regardless of the >> domain XML configuration, which is a desirable policy control >> knob for a host level administrator to have. > > I'm under the impression that it's doing the opposite in the SPICE case, > but maybe I haven't been looking in the right place (qemu_command.c) Is this a case where adding a third mode in libvirt XML might make sense? mode='insecure' => don't bother with security, regardless of qemu.conf mode='secure' => use security if tls is available in qemu.conf, but silently fall back to insecure mode='mandatory-secure' => use security, and error out if qemu.conf disabled tls Or am I confusing things? -- Eric Blake eblake@xxxxxxxxxx +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list