[libvirt] [PATCH 2/3] qemu: Allow serving VNC over a unix domain socket

Daniel P. Berrange berrange at redhat.com
Thu Jan 13 13:24:01 UTC 2011


On Wed, Jan 12, 2011 at 12:32:43PM -0500, Cole Robinson wrote:
> QEMU supports serving VNC over a unix domain socket rather than traditional
> TCP host/port. This is specified with:
> 
> <graphics type='vnc' socket='/foo/bar/baz'/>
> 
> This provides better security access control than VNC listening on
> 127.0.0.1, but will cause issues with tools that rely on the lax security
> (virt-manager in Fedora runs as a regular user by default, and wouldn't be
> able to access a socket owned by 'qemu' or 'root').
> 
> Also not currently supported by any clients, though I have patches for
> virt-manager, and virt-viewer should be simple to update.
> 
> v2:
>     schema: Make listen vs. socket a <choice>
> 
> Signed-off-by: Cole Robinson <crobinso at redhat.com>
> ---
>  docs/formatdomain.html.in                          |    6 ++-
>  docs/schemas/domain.rng                            |   47 +++++++++++-------
>  src/conf/domain_conf.c                             |   30 +++++++----
>  src/conf/domain_conf.h                             |    1 +
>  src/qemu/qemu_command.c                            |   52 +++++++++++++-------
>  src/qemu/qemu_driver.c                             |    1 +
>  tests/qemuargv2xmltest.c                           |    1 +
>  .../qemuxml2argv-graphics-vnc-socket.args          |    1 +
>  .../qemuxml2argv-graphics-vnc-socket.xml           |   30 +++++++++++
>  tests/qemuxml2argvtest.c                           |    1 +
>  10 files changed, 122 insertions(+), 48 deletions(-)
>  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-socket.args
>  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-socket.xml

ACK

My only thought would be whether 'socket' is the best name.
Perhaps 'sockpath' or 'path' would be better, but it's not
a big deal?

Daniel
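
The access-control difference described in the quoted commit message, as an added example that is not part of the patch or of libvirt: a small audit that reads `<graphics type='vnc'>` elements from domain XML and, for a unix socket, reports the owner and mode that decide who can connect. The names `audit_vnc` and `demo` are hypothetical, the XML samples are constructed, and Linux socket permission semantics are assumed.

```python
import os
import socket
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not the patch's own test data).
SAMPLE_SOCKET = "<domain><devices><graphics type='vnc' socket='{path}'/></devices></domain>"
SAMPLE_TCP = "<domain><devices><graphics type='vnc' port='5900' listen='127.0.0.1'/></devices></domain>"


def audit_vnc(domain_xml):
    """Return one finding dict per <graphics type='vnc'> element."""
    findings = []
    for g in ET.fromstring(domain_xml).iter("graphics"):
        if g.get("type") != "vnc":
            continue
        path = g.get("socket")
        if path is None:
            # TCP listener: reachable by every local user, even on loopback.
            findings.append({"transport": "tcp", "listen": g.get("listen")})
            continue
        finding = {"transport": "unix", "path": path}
        try:
            st = os.stat(path)
        except OSError:
            finding["access"] = "socket not present (guest not running?)"
        else:
            if not stat.S_ISSOCK(st.st_mode):
                finding["access"] = "path exists but is not a socket"
            else:
                finding["uid"] = st.st_uid
                finding["mode"] = stat.S_IMODE(st.st_mode)
                # On Linux, connect() needs write permission on the socket file.
                finding["world_connectable"] = bool(st.st_mode & stat.S_IWOTH)
        findings.append(finding)
    return findings


def demo():
    """Bind a throwaway socket with mode 0600, then audit both sample configs."""
    with tempfile.TemporaryDirectory() as d, socket.socket(socket.AF_UNIX) as srv:
        path = os.path.join(d, "vnc.sock")
        srv.bind(path)
        os.chmod(path, 0o600)
        return audit_vnc(SAMPLE_SOCKET.format(path=path)) + audit_vnc(SAMPLE_TCP)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A socket reported with mode 0600 and a `uid` other than the desktop user's is the case the commit message warns about: a client running as a regular user cannot connect to it.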



