On Thu, Sep 6, 2012 at 3:59 PM, Avi Kivity <avi@xxxxxxxxxx> wrote: > On 09/06/2012 06:32 AM, Asias He wrote: >> On Wed, Sep 5, 2012 at 7:56 PM, Avi Kivity <avi@xxxxxxxxxx> wrote: >>> On 09/05/2012 01:14 PM, Asias He wrote: >>>> On Wed, Sep 5, 2012 at 5:53 PM, Avi Kivity <avi@xxxxxxxxxx> wrote: >>>>> On 09/05/2012 12:46 PM, Asias He wrote: >>>>>>> Ok. Then the socat command not only exposes the display to the guest, >>>>>>> but also to any local process with access to localhost:6000. >>>>>> >>>>>> Yes. It is a trick for people with 'Xorg -nolisten tcp' enabled. >>>>> >>>>> Which is hopefully everyone. >>>> >>>> Yup. That's why I want the socat trick ;-d >>> >>> No, it's horribly insecure. >>> >>> One option is to generate a temporary keypair and use ssh. >> >> ssh X11 forwarding need a ssh connection from host to guest. This >> requires a port forwarding from host to guest. >> lkvm's user mode network does not support this forwarding atm. > > That's actually a very useful feature. Yes, exactly. > >> >>> Or you can >>> make the guest talk to an internal unix-domain socket, tunnel that >>> through virtio-serial, terminate virtio-serial in lkvm, and direct it >>> towards the local X socket. >> >> Doesn't this require some user agent or config modification to the guest? > > It does, a daemon that listens locally and forwards data over > virtio-serial. But you build your own initrd anyway, don't you? Using our custom init file is one use case. User may use distro disk image as guest also. > Another option is ppp-over-virtio-serial. Seems this still uses tcp where the link layer changes from ethernet to serial. >> Instead using a non-standard transport like virito-serial, maybe we >> can listen guest's x11 tcp data and forward ( may need some kind of >> conversion) to the local X socket. > > Sure, you can terminate the connection in lkvm (in effect lkvm becomes > an X server) and forward all traffic to the local unix-domain socket. -- Asias He -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html