[libvirt] [PATCH] Don't add SPICE TLS channels when TLS is disabled
Daniel P. Berrange
berrange at redhat.com
Wed Feb 15 15:10:47 UTC 2012
On Wed, Feb 15, 2012 at 09:59:57AM -0500, Dave Allan wrote:
> On Wed, Feb 15, 2012 at 10:08:24AM +0100, Christophe Fergeau wrote:
> > On Tue, Feb 14, 2012 at 02:10:37PM -0700, Eric Blake wrote:
> > > Meta-question - if the XML requests secure, but TLS is disabled, should
> > > we instead be failing to start the domain with a complaint that we can't
> > > honor the XML?
> >
> > Meta-non-answer, when a TLS port is set but TLS is disabled in the config
> > file, it's silently ignored:
>
> What value does allowing TLS configuration in qemu.conf add? That
> seems wrong to me because it creates the possibility of the kind of
> ambiguity discovered here. Shouldn't the domain XML be the only
> required statement of the user's intent?
It enables you to turn on TLS for all guests, regardless of the
domain XML configuration, which is a desirable policy control
knob for a host level administrator to have.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list