[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH] spice: add <clipboard copypaste='yes|no'> option



>From a security pov copy and paste between the guest and the client is not
always desirable. So we need to be able to enable/disable this. The best place
to do this from an administration pov is on the hypervisor, so the qemu cmdline
is getting a spice disable-copy-paste option, see bug 693645. Example qemu
invocation:
qemu -spice port=5932,disable-ticketing,disable-copy-paste

https://bugzilla.redhat.com/show_bug.cgi?id=693661
---
 docs/formatdomain.html.in                          |    9 ++++++
 docs/schemas/domain.rng                            |   11 +++++++
 src/conf/domain_conf.c                             |   31 +++++++++++++++++++-
 src/conf/domain_conf.h                             |   10 ++++++
 src/qemu/qemu_command.c                            |    2 +
 .../qemuxml2argv-graphics-spice.args               |    2 +-
 .../qemuxml2argv-graphics-spice.xml                |    1 +
 7 files changed, 64 insertions(+), 2 deletions(-)

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 225e0c8..e1f4168 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1838,6 +1838,7 @@ qemu-kvm -net nic,model=? /dev/null
     &lt;channel name='record' mode='insecure'/&gt;
     &lt;image compression='auto_glz'/&gt;
     &lt;streaming mode='filter'/&gt;
+    &lt;clipboard copypaste='no'/&gt;
   &lt;/graphics&gt;</pre>
             <p>
               Spice supports variable compression settings for audio,
@@ -1862,6 +1863,14 @@ qemu-kvm -net nic,model=? /dev/null
               of <code>filter</code>, <code>all</code>
               or <code>off</code>, <span class="since">since 0.9.2</span>.
             </p>
+            <p>
+              Copy &amp; Paste functionality (via Spice agent) is set
+              by the <code>clipboard</code> element. It is enabled by
+              default, and can be disabled by setting
+              the <code>copypaste</code> property
+              to <code>no</code>, <span class="since">since
+              0.9.2</span>.
+            </>
           </dd>
           <dt><code>"rdp"</code></dt>
           <dd>
diff --git a/docs/schemas/domain.rng b/docs/schemas/domain.rng
index 0be0371..b71778b 100644
--- a/docs/schemas/domain.rng
+++ b/docs/schemas/domain.rng
@@ -1379,6 +1379,17 @@
                 <empty/>
               </element>
             </optional>
+            <optional>
+              <element name="clipboard">
+                <attribute name="copypaste">
+                  <choice>
+                    <value>yes</value>
+                    <value>no</value>
+                  </choice>
+                </attribute>
+                <empty/>
+              </element>
+            </optional>
           </interleave>
         </group>
         <group>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 0d9fef4..3a0de99 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -364,6 +364,12 @@ VIR_ENUM_IMPL(virDomainGraphicsSpiceStreamingMode,
               "all",
               "off");
 
+VIR_ENUM_IMPL(virDomainGraphicsSpiceClipboardCopypaste,
+              VIR_DOMAIN_GRAPHICS_SPICE_CLIPBOARD_COPYPASTE_LAST,
+              "default",
+              "yes",
+              "no");
+
 VIR_ENUM_IMPL(virDomainHostdevMode, VIR_DOMAIN_HOSTDEV_MODE_LAST,
               "subsystem",
               "capabilities")
@@ -4284,6 +4290,26 @@ virDomainGraphicsDefParseXML(xmlNodePtr node, int flags) {
                     VIR_FREE(mode);
 
                     def->data.spice.streaming = modeVal;
+                } else if (xmlStrEqual(cur->name, BAD_CAST "clipboard")) {
+                    const char *copypaste = virXMLPropString(cur, "copypaste");
+                    int copypasteVal;
+
+                    if (!copypaste) {
+                        virDomainReportError(VIR_ERR_XML_ERROR, "%s",
+                                             _("spice clipboard missing copypaste"));
+                        goto error;
+                    }
+
+                    if ((copypasteVal =
+                         virDomainGraphicsSpiceClipboardCopypasteTypeFromString(copypaste)) <= 0) {
+                        virDomainReportError(VIR_ERR_INTERNAL_ERROR,
+                                             _("unknown copypaste value '%s'"), copypaste);
+                        VIR_FREE(copypaste);
+                        goto error;
+                    }
+                    VIR_FREE(copypaste);
+
+                    def->data.spice.copypaste = copypasteVal;
                 }
             }
             cur = cur->next;
@@ -9209,7 +9235,7 @@ virDomainGraphicsDefFormat(virBufferPtr buf,
         }
         if (!children && (def->data.spice.image || def->data.spice.jpeg ||
                           def->data.spice.zlib || def->data.spice.playback ||
-                          def->data.spice.streaming)) {
+                          def->data.spice.streaming || def->data.spice.copypaste)) {
             virBufferAddLit(buf, ">\n");
             children = 1;
         }
@@ -9228,6 +9254,9 @@ virDomainGraphicsDefFormat(virBufferPtr buf,
         if (def->data.spice.streaming)
             virBufferAsprintf(buf, "      <streaming mode='%s'/>\n",
                               virDomainGraphicsSpiceStreamingModeTypeToString(def->data.spice.streaming));
+        if (def->data.spice.copypaste)
+            virBufferAsprintf(buf, "      <clipboard copypaste='%s'/>\n",
+                              virDomainGraphicsSpiceClipboardCopypasteTypeToString(def->data.spice.copypaste));
     }
 
     if (children) {
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 41c8136..3ef48d1 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -715,6 +715,14 @@ enum virDomainGraphicsSpiceStreamingMode {
     VIR_DOMAIN_GRAPHICS_SPICE_STREAMING_MODE_LAST
 };
 
+enum virDomainGraphicsSpiceClipboardCopypaste {
+    VIR_DOMAIN_GRAPHICS_SPICE_CLIPBOARD_COPYPASTE_DEFAULT = 0,
+    VIR_DOMAIN_GRAPHICS_SPICE_CLIPBOARD_COPYPASTE_YES,
+    VIR_DOMAIN_GRAPHICS_SPICE_CLIPBOARD_COPYPASTE_NO,
+
+    VIR_DOMAIN_GRAPHICS_SPICE_CLIPBOARD_COPYPASTE_LAST
+};
+
 typedef struct _virDomainGraphicsDef virDomainGraphicsDef;
 typedef virDomainGraphicsDef *virDomainGraphicsDefPtr;
 struct _virDomainGraphicsDef {
@@ -757,6 +765,7 @@ struct _virDomainGraphicsDef {
             int zlib;
             int playback;
             int streaming;
+            int copypaste;
         } spice;
     } data;
 };
@@ -1553,6 +1562,7 @@ VIR_ENUM_DECL(virDomainGraphicsSpiceJpegCompression)
 VIR_ENUM_DECL(virDomainGraphicsSpiceZlibCompression)
 VIR_ENUM_DECL(virDomainGraphicsSpicePlaybackCompression)
 VIR_ENUM_DECL(virDomainGraphicsSpiceStreamingMode)
+VIR_ENUM_DECL(virDomainGraphicsSpiceClipboardCopypaste)
 /* from libvirt.h */
 VIR_ENUM_DECL(virDomainState)
 VIR_ENUM_DECL(virDomainNostateReason)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index ef2d002..f669dda 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -4043,6 +4043,8 @@ qemuBuildCommandLine(virConnectPtr conn,
         if (def->graphics[0]->data.spice.streaming)
             virBufferAsprintf(&opt, ",streaming-video=%s",
                               virDomainGraphicsSpiceStreamingModeTypeToString(def->graphics[0]->data.spice.streaming));
+        if (def->graphics[0]->data.spice.copypaste == VIR_DOMAIN_GRAPHICS_SPICE_CLIPBOARD_COPYPASTE_NO)
+            virBufferAddLit(&opt, ",disable-copy-paste");
 
         virCommandAddArg(cmd, "-spice");
         virCommandAddArgBuffer(cmd, &opt);
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.args b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.args
index 084a100..c9fdb99 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.args
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.args
@@ -4,6 +4,6 @@ unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda \
 /dev/HostVG/QEMUGuest1 -usb -spice port=5903,tls-port=5904,addr=127.0.0.1,\
 x509-dir=/etc/pki/libvirt-spice,tls-channel=main,plaintext-channel=inputs,\
 image-compression=auto_glz,jpeg-wan-compression=auto,zlib-glz-wan-compression=auto,\
-playback-compression=on,streaming-video=filter -vga \
+playback-compression=on,streaming-video=filter,disable-copy-paste -vga \
 qxl -global qxl.vram_size=18874368 -device qxl,id=video1,vram_size=33554432,bus=pci.0,addr=0x4 \
 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.xml b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.xml
index 0d3dd48..79780c6 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.xml
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.xml
@@ -29,6 +29,7 @@
       <zlib compression='auto'/>
       <playback compression='on'/>
       <streaming mode='filter'/>
+      <clipboard copypaste='no'/>
     </graphics>
     <video>
       <model type='qxl' vram='18432' heads='1'/>
-- 
1.7.5.2


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]