1 | From: Neil Wilson <neil@brightbox.co.uk> | |
2 | To: libvir-list@redhat.com | |
3 | Date: Mon, 10 Jan 2011 09:52:56 +0000 | |
4 | Message-ID: <1294653176.3013.16.camel@lenovo-3000-n100> | |
5 | ||
6 | Hi, | |
7 | ||
8 | Here's the patch to add basic ACL support to QEMU within libvirt. Like | |
9 | SASL it's ignored by RHEL5's default qemu. Newer qemu picks it up as | |
10 | expected and you can manipulate the acls using 'virsh'. | |
11 | ||
12 | ||
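--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -71,6 +71,15 @@
 # vnc_sasl = 1
 
 
+# Enable the VNC access control lists. When switched on this will
+# initially block all vnc users from accessing the vnc server. To
+# add and remove ids from the ACLs you will need to send the appropriate
+# commands to the qemu monitor as required by your particular version of
+# QEMU. See the QEMU documentation for more details.
+#
+# vnc_acl = 1
+
+
 # The default SASL configuration file is located in /etc/sasl/
 # When running libvirtd unprivileged, it may be desirable to
 # override the configs in this location. Set this parameter to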
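Review bot: The new `vnc_acl` comment promises that enabling it blocks all VNC users, but it never says which identity the list is matched against. As far as I know QEMU checks the ACL only against a SASL username or an x509 client-certificate name, so an administrator who sets `vnc_acl = 1` on its own could wrongly assume the console is locked down. I would add a line such as `# Only effective together with vnc_sasl or vnc_tls + vnc_tls_x509_verify.` to the comment. A further sentence should say that entries added through the monitor are presumably runtime state and need re-applying after a guest restart, which is worth confirming against the QEMU version in use.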
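--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6178,6 +6178,10 @@
 
 /* TODO: Support ACLs later */
 }
+
+ if (cfg->vncACL)
+ virBufferAddLit(&opt, ",acl");
+
 }
 
 virCommandAddArg(cmd, "-vnc");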
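Review bot: The added `if (cfg->vncACL)` appends `,acl` whether or not SASL or TLS client-certificate verification is enabled, so a host with `vnc_acl = 1` and no authenticated identity gets a flag that likely restricts nothing. Since `cfg->vncSASL`, `cfg->vncTLS` and `cfg->vncTLSx509verify` already exist, it would be safer to refuse that combination with a configuration error than to start the guest, e.g. testing `if (cfg->vncACL && !cfg->vncSASL && !(cfg->vncTLS && cfg->vncTLSx509verify))` first. The `/* TODO: Support ACLs later */` comment just above is now stale and should be removed or reworded. The enclosing function and the blocks closed by the two `}` lines start outside the hunk, so the nesting relative to the SASL branch is inferred.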
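--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -357,6 +357,7 @@
 GET_VALUE_STR("vnc_sasl_dir", cfg->vncSASLdir);
 GET_VALUE_BOOL("vnc_allow_host_audio", cfg->vncAllowHostAudio);
 GET_VALUE_BOOL("nographics_allow_host_audio", cfg->nogfxAllowHostAudio);
+ GET_VALUE_LONG("vnc_acl", cfg->vncACL);
 
 p = virConfGetValue(conf, "security_driver");
 if (p && p->type == VIR_CONF_LIST) {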
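Review bot: `vnc_acl` is read with `GET_VALUE_LONG`, but the field it fills is declared `bool vncACL` in qemu_conf.h and the neighbouring on/off flags use `GET_VALUE_BOOL`; the line should read `GET_VALUE_BOOL("vnc_acl", cfg->vncACL);`. The macro bodies are outside the hunk, so it is not visible whether the long variant validates the value or just assigns it. Either way the mismatch means this security setting is parsed differently from the other VNC flags. The three source hunks are taken against different libvirt versions (1.0.6, 1.1.3, 1.0.3), so the available macros should be checked against the tree actually being patched.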
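--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -102,6 +102,7 @@
 bool vncTLS;
 bool vncTLSx509verify;
 bool vncSASL;
+ bool vncACL;
 char *vncTLSx509certdir;
 char *vncListen;
 char *vncPassword;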