[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] Don't add SPICE TLS channels when TLS is disabled

On 02/15/2012 09:36 AM, Christophe Fergeau wrote:
> On Wed, Feb 15, 2012 at 03:10:47PM +0000, Daniel P. Berrange wrote:
>> It enables you to turn on TLS for all guests, regardless of the
>> domain XML configuration, which is a desirable policy control
>> knob for a host level administrator to have.
> I'm under the impression that it's doing the opposite in the SPICE case,
> but maybe I haven't been looking in the right place (qemu_command.c)

Is this a case where adding a third mode in libvirt XML might make sense?

mode='insecure' => don't bother with security, regardless of qemu.conf

mode='secure' => use security if tls is available in qemu.conf, but
silently fall back to insecure

mode='mandatory-secure' => use security, and error out if qemu.conf
disabled tls

Or am I confusing things?

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]