On Wed, Sep 5, 2012 at 7:56 PM, Avi Kivity <avi@xxxxxxxxxx> wrote: > On 09/05/2012 01:14 PM, Asias He wrote: >> On Wed, Sep 5, 2012 at 5:53 PM, Avi Kivity <avi@xxxxxxxxxx> wrote: >>> On 09/05/2012 12:46 PM, Asias He wrote: >>>>> Ok. Then the socat command not only exposes the display to the guest, >>>>> but also to any local process with access to localhost:6000. >>>> >>>> Yes. It is a trick for people with 'Xorg -nolisten tcp' enabled. >>> >>> Which is hopefully everyone. >> >> Yup. That's why I want the socat trick ;-d > > No, it's horribly insecure. > > One option is to generate a temporary keypair and use ssh. ssh X11 forwarding need a ssh connection from host to guest. This requires a port forwarding from host to guest. lkvm's user mode network does not support this forwarding atm. > Or you can > make the guest talk to an internal unix-domain socket, tunnel that > through virtio-serial, terminate virtio-serial in lkvm, and direct it > towards the local X socket. Doesn't this require some user agent or config modification to the guest? Instead using a non-standard transport like virito-serial, maybe we can listen guest's x11 tcp data and forward ( may need some kind of conversion) to the local X socket. > It's more work than exposing X11 via tcp, > but if the user said -nolisten tcp, you must respect it. -- Asias He -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
