[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] Don't add SPICE TLS channels when TLS is disabled



On Wed, Feb 15, 2012 at 09:59:57AM -0500, Dave Allan wrote:
> On Wed, Feb 15, 2012 at 10:08:24AM +0100, Christophe Fergeau wrote:
> > On Tue, Feb 14, 2012 at 02:10:37PM -0700, Eric Blake wrote:
> > > Meta-question - if the XML requests secure, but TLS is disabled, should
> > > we instead be failing to start the domain with a complaint that we can't
> > > honor the XML?
> > 
> > Meta-non-answer, when a TLS port is set but TLS is disabled in the config
> > file, it's silently ignored:
> 
> What value does allowing TLS configuration in qemu.conf add?  That
> seems wrong to me because it creates the possibility of the kind of
> ambiguity discovered here.  Shouldn't the domain XML be the only
> required statement of the user's intent?

It enables you to turn on TLS for all guests, regardless of the
domain XML configuration, which is a desirable policy control
knob for a host level administrator to have.


Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]