Re: [PATCH] Re: Turning off libvirtd mdns by default

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 2012-03-27 14:08, Stef Walter wrote:

On 2012-03-27 11:17, Daniel P. Berrange wrote:


While apps like virt-manager do have the ability to use mDNS to locate
remote libvirtd servers, my gut feeling is that it is probably rarely
used. So given the need to tradeoff off out of the box usability against
privacy concerns, I think we could probably say turning off mDNS by
default is acceptable.

What do others think ?


BTW, I filed a bug that implements this change:

https://bugzilla.redhat.com/show_bug.cgi?id=807273


And here's the actual patch.

Cheers,

Stef

>From ef831d7c35871f26964742ca1de49ef464dd7bbb Mon Sep 17 00:00:00 2001
From: Stef Walter <stefw@xxxxxxxxx>
Date: Tue, 27 Mar 2012 13:59:07 +0200
Subject: [PATCH] Change the default of mdns_adv to false

 * Don't advertise information on the network without consent of
   the user, either through manual configuration, or a user
   interface that drives this option.
 * Since libvirtd must be configured for network access anyway
   this setting was not useful "out of the box", so changing this
   default setting does not remove "out of the box" functionality.
---
 daemon/libvirtd.c            |    2 +-
 daemon/libvirtd.conf         |    4 ++--
 daemon/test_libvirtd.aug     |    8 ++++----
 docs/remote.html.in          |    2 +-
 tests/confdata/libvirtd.conf |    4 ++--
 tests/confdata/libvirtd.out  |    4 ++--
 6 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index c1ab32d..44fb363 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -909,7 +909,7 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED)
 #endif
     data->auth_tls = REMOTE_AUTH_NONE;
 
-    data->mdns_adv = 1;
+    data->mdns_adv = 0;
 
     data->min_workers = 5;
     data->max_workers = 20;
diff --git a/daemon/libvirtd.conf b/daemon/libvirtd.conf
index 3eab2be..50eda1b 100644
--- a/daemon/libvirtd.conf
+++ b/daemon/libvirtd.conf
@@ -56,8 +56,8 @@
 # Alternatively can disable for all services on a host by
 # stopping the Avahi daemon
 #
-# This is enabled by default, uncomment this to disable it
-#mdns_adv = 0
+# This is disabled by default, uncomment this to enable it
+#mdns_adv = 1
 
 # Override the default mDNS advertizement name. This must be
 # unique on the immediate broadcast network.
diff --git a/daemon/test_libvirtd.aug b/daemon/test_libvirtd.aug
index 58b7170..dbe532a 100644
--- a/daemon/test_libvirtd.aug
+++ b/daemon/test_libvirtd.aug
@@ -54,8 +54,8 @@ listen_addr = \"192.168.0.1\"
 # Alternatively can disable for all services on a host by
 # stopping the Avahi daemon
 #
-# This is enabled by default, uncomment this to disable it
-mdns_adv = 0
+# This is disabled by default, uncomment this to enable it
+mdns_adv = 1
 
 # Override the default mDNS advertizement name. This must be
 # unique on the immediate broadcast network.
@@ -330,8 +330,8 @@ audit_level = 2
         { "#comment" = "Alternatively can disable for all services on a host by" }
         { "#comment" = "stopping the Avahi daemon" }
         { "#comment" = "" }
-        { "#comment" = "This is enabled by default, uncomment this to disable it" }
-        { "mdns_adv" = "0" }
+        { "#comment" = "This is disabled by default, uncomment this to enable it" }
+        { "mdns_adv" = "1" }
         { "#empty" }
         { "#comment" = "Override the default mDNS advertizement name. This must be" }
         { "#comment" = "unique on the immediate broadcast network." }
diff --git a/docs/remote.html.in b/docs/remote.html.in
index 6a8e830..e6af4c2 100644
--- a/docs/remote.html.in
+++ b/docs/remote.html.in
@@ -738,7 +738,7 @@ Blank lines and comments beginning with <code>#</code> are ignored.
       </tr>
       <tr>
         <td> mdns_adv <i>[0|1]</i> </td>
-        <td> 1 (advertise with mDNS) </td>
+        <td> 0 (advertise with mDNS) </td>
         <td>
   If set to 1 then the virtualization service will be advertised over
   mDNS to hosts on the local LAN segment.
diff --git a/tests/confdata/libvirtd.conf b/tests/confdata/libvirtd.conf
index a943bfa..2f2ba4b 100644
--- a/tests/confdata/libvirtd.conf
+++ b/tests/confdata/libvirtd.conf
@@ -48,8 +48,8 @@ tcp_port = "16509"
 # Alternatively can disable for all services on a host by
 # stopping the Avahi daemon
 #
-# This is enabled by default, uncomment this to disable it
-mdns_adv = 0
+# This is disabled by default, uncomment this to enable it
+mdns_adv = 1
 
 # Override the default mDNS advertizement name. This must be
 # unique on the immediate broadcast network.
diff --git a/tests/confdata/libvirtd.out b/tests/confdata/libvirtd.out
index 0bebe2f..171945d 100644
--- a/tests/confdata/libvirtd.out
+++ b/tests/confdata/libvirtd.out
@@ -37,8 +37,8 @@ tcp_port = "16509"
 # Alternatively can disable for all services on a host by
 # stopping the Avahi daemon
 #
-# This is enabled by default, uncomment this to disable it
-mdns_adv = 0
+# This is disabled by default, uncomment this to enable it
+mdns_adv = 1
 # Override the default mDNS advertizement name. This must be
 # unique on the immediate broadcast network.
 #
-- 
1.7.9.3


--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]