[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 3/3] qemu: Add conf option to auto setup VNC unix sockets



On 01/13/2011 08:21 AM, Daniel P. Berrange wrote:
> On Wed, Jan 12, 2011 at 12:32:44PM -0500, Cole Robinson wrote:
>> If vnc_auto_unix_socket is enabled, any VNC devices without a hardcoded
>> listen or socket value will be setup to serve over a unix socket in
>> /var/lib/libvirt/qemu/$vmname.vnc.
>>
>> We store the generated socket path in the transient VM definition at
>> CLI build time.
>>
>> Signed-off-by: Cole Robinson <crobinso redhat com>
>> ---
>>  src/qemu/qemu.conf      |    8 ++++++++
>>  src/qemu/qemu_command.c |   10 +++++++++-
>>  src/qemu/qemu_conf.c    |    4 ++++
>>  src/qemu/qemu_conf.h    |    1 +
>>  4 files changed, 22 insertions(+), 1 deletions(-)
> 
> Also needs to change the 2 augeas data files in the
> qemu directory.
> 
>> diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
>> index ba41f80..ae6136f 100644
>> --- a/src/qemu/qemu.conf
>> +++ b/src/qemu/qemu.conf
>> @@ -11,6 +11,14 @@
>>  #
>>  # vnc_listen = "0.0.0.0"
>>  
>> +# Enable this option to have VNC served over an automatically created
>> +# unix socket. This prevents unprivileged access from users on the
>> +# host machine, though most VNC clients do not support it.
>> +#
>> +# This will only be enabled for VNC configurations that do not have
>> +# a hardcoded 'listen' or 'socket' value.
>> +#
>> +# vnc_auto_unix_socket = 1
> 
> We likely need to indicate in here which of 'vnc_auto_unix_socket'
> and 'vnc_listen' take priority if both are enabled, since they
> are mutually exclusive. It looks like vnc_listen is totally
> ignored, if auto_unix_socket is set.
> 
>> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
>> index 8e86f43..5015935 100644
>> --- a/src/qemu/qemu_command.c
>> +++ b/src/qemu/qemu_command.c
>> @@ -3512,7 +3512,15 @@ qemuBuildCommandLine(virConnectPtr conn,
>>          def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC) {
>>          virBuffer opt = VIR_BUFFER_INITIALIZER;
>>  
>> -        if (def->graphics[0]->data.vnc.socket) {
>> +        if (def->graphics[0]->data.vnc.socket ||
>> +            driver->vncAutoUnixSocket) {
>> +
>> +            if (!def->graphics[0]->data.vnc.socket &&
>> +                virAsprintf(&def->graphics[0]->data.vnc.socket,
>> +                            "%s/%s.vnc", driver->libDir, def->name) == -1) {
>> +                goto no_memory;
>> +            }
>> +
>>              virBufferVSprintf(&opt, "unix:%s",
>>                                def->graphics[0]->data.vnc.socket);
>>  
>> diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
>> index e1502dc..9f9e99e 100644
>> --- a/src/qemu/qemu_conf.c
>> +++ b/src/qemu/qemu_conf.c
>> @@ -138,6 +138,10 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
>>          return -1;                                                      \
>>      }
>>  
>> +    p = virConfGetValue (conf, "vnc_auto_unix_socket");
>> +    CHECK_TYPE ("vnc_auto_unix_socket", VIR_CONF_LONG);
>> +    if (p) driver->vncAutoUnixSocket = p->l;
>> +
>>      p = virConfGetValue (conf, "vnc_tls");
>>      CHECK_TYPE ("vnc_tls", VIR_CONF_LONG);
>>      if (p) driver->vncTLS = p->l;
>> diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
>> index 5a5748b..af1be2e 100644
>> --- a/src/qemu/qemu_conf.h
>> +++ b/src/qemu/qemu_conf.h
>> @@ -82,6 +82,7 @@ struct qemud_driver {
>>      char *cacheDir;
>>      char *saveDir;
>>      char *snapshotDir;
>> +    unsigned int vncAutoUnixSocket : 1;
>>      unsigned int vncTLS : 1;
>>      unsigned int vncTLSx509verify : 1;
>>      unsigned int vncSASL : 1;
> 

Here's the diff:

diff --git a/daemon/test_libvirtd.aug b/daemon/test_libvirtd.aug
index 5f8b644..31fa643 100644
--- a/daemon/test_libvirtd.aug
+++ b/daemon/test_libvirtd.aug
@@ -271,6 +271,9 @@ log_filters=\"a\"

 # Auditing:
 audit_level = 2
+
+# VNC socket
+vnc_auto_unix_socket = 1
 "

    test Libvirtd.lns get conf =
@@ -549,3 +552,6 @@ audit_level = 2
        { "#empty" }
         { "#comment" = "Auditing:" }
         { "audit_level" = "2" }
+        { "#empty" }
+        { "#comment" = "VNC socket:" }
+        { "vnc_auto_unix_socket" = "1" }
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index ae6136f..66310d4 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -16,7 +16,8 @@
 # host machine, though most VNC clients do not support it.
 #
 # This will only be enabled for VNC configurations that do not have
-# a hardcoded 'listen' or 'socket' value.
+# a hardcoded 'listen' or 'socket' value. This setting takes preference
+# over vnc_listen.
 #
 # vnc_auto_unix_socket = 1


Anyone have a preference over 'socket' for the XML attribute, or should
I just push?

Thanks,
Cole


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]