[packages/libvirt.git] / libvirt-qemu-acl.patch

From: Neil Wilson <neil@brightbox.co.uk>
To: libvir-list@redhat.com
Date: Mon, 10 Jan 2011 09:52:56 +0000
Message-ID: <1294653176.3013.16.camel@lenovo-3000-n100>

Hi,

Here's the patch to add basic ACL support to QEMU within libvirt. Like
SASL it's ignored by RHEL5's default qemu. Newer qemu picks it up as
expected and you can manipulate the acls using 'virsh'. 


diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index ba41f80..7ab5eee 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -71,6 +71,15 @@
 # vnc_sasl = 1
 
 
+# Enable the VNC access control lists. When switched on this will
+# initially block all vnc users from accessing the vnc server. To
+# add and remove ids from the ACLs you will need to send the appropriate
+# commands to the qemu monitor as required by your particular version of
+# QEMU. See the QEMU documentation for more details.
+# 
+# vnc_acl = 1
+
+
 # The default SASL configuration file is located in /etc/sasl/
 # When running libvirtd unprivileged, it may be desirable to
 # override the configs in this location. Set this parameter to
--- libvirt-1.0.6/src/qemu/qemu_command.c.orig	2013-06-16 15:45:37.115181922 +0200
+++ libvirt-1.0.6/src/qemu/qemu_command.c	2013-06-16 15:47:49.335179175 +0200
@@ -6178,6 +6178,10 @@
 
             /* TODO: Support ACLs later */
         }
+
+        if (cfg->vncACL) 
+           virBufferAddLit(&opt, ",acl");
+
     }
 
     virCommandAddArg(cmd, "-vnc");
--- libvirt-1.1.3/src/qemu/qemu_conf.c.orig	2013-10-22 20:38:43.522043292 +0200
+++ libvirt-1.1.3/src/qemu/qemu_conf.c	2013-10-22 20:45:19.515360007 +0200
@@ -357,6 +357,7 @@
     GET_VALUE_STR("vnc_sasl_dir", cfg->vncSASLdir);
     GET_VALUE_BOOL("vnc_allow_host_audio", cfg->vncAllowHostAudio);
     GET_VALUE_BOOL("nographics_allow_host_audio", cfg->nogfxAllowHostAudio);
+    GET_VALUE_LONG("vnc_acl", cfg->vncACL);
 
     p = virConfGetValue(conf, "security_driver");
     if (p && p->type == VIR_CONF_LIST) {
--- libvirt-1.0.3/src/qemu/qemu_conf.h.orig	2013-03-09 13:10:30.059751685 +0100
+++ libvirt-1.0.3/src/qemu/qemu_conf.h	2013-03-09 13:54:17.296308093 +0100
@@ -102,6 +102,7 @@
     bool vncTLS;
     bool vncTLSx509verify;
     bool vncSASL;
+    bool vncACL;
     char *vncTLSx509certdir;
     char *vncListen;
     char *vncPassword;
Commit	Line	Data
	1	From: Neil Wilson <neil@brightbox.co.uk>
	2	To: libvir-list@redhat.com
	3	Date: Mon, 10 Jan 2011 09:52:56 +0000
	4	Message-ID: <1294653176.3013.16.camel@lenovo-3000-n100>
	5
	6	Hi,
	7
	8	Here's the patch to add basic ACL support to QEMU within libvirt. Like
	9	SASL it's ignored by RHEL5's default qemu. Newer qemu picks it up as
	10	expected and you can manipulate the acls using 'virsh'.
	11
	12
	13	diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
	14	index ba41f80..7ab5eee 100644
	15	--- a/src/qemu/qemu.conf
	16	+++ b/src/qemu/qemu.conf
	17	@@ -71,6 +71,15 @@
	18	# vnc_sasl = 1
	19
	20
	21	+# Enable the VNC access control lists. When switched on this will
	22	+# initially block all vnc users from accessing the vnc server. To
	23	+# add and remove ids from the ACLs you will need to send the appropriate
	24	+# commands to the qemu monitor as required by your particular version of
	25	+# QEMU. See the QEMU documentation for more details.
	26	+#
	27	+# vnc_acl = 1
	28	+
	29	+
	30	# The default SASL configuration file is located in /etc/sasl/
	31	# When running libvirtd unprivileged, it may be desirable to
	32	# override the configs in this location. Set this parameter to
	33	--- libvirt-1.0.6/src/qemu/qemu_command.c.orig 2013-06-16 15:45:37.115181922 +0200
	34	+++ libvirt-1.0.6/src/qemu/qemu_command.c 2013-06-16 15:47:49.335179175 +0200
	35	@@ -6178,6 +6178,10 @@
	36
	37	/* TODO: Support ACLs later */
	38	}
	39	+
	40	+ if (cfg->vncACL)
	41	+ virBufferAddLit(&opt, ",acl");
	42	+
	43	}
	44
	45	virCommandAddArg(cmd, "-vnc");
	46	--- libvirt-1.1.3/src/qemu/qemu_conf.c.orig 2013-10-22 20:38:43.522043292 +0200
	47	+++ libvirt-1.1.3/src/qemu/qemu_conf.c 2013-10-22 20:45:19.515360007 +0200
	48	@@ -357,6 +357,7 @@
	49	GET_VALUE_STR("vnc_sasl_dir", cfg->vncSASLdir);
	50	GET_VALUE_BOOL("vnc_allow_host_audio", cfg->vncAllowHostAudio);
	51	GET_VALUE_BOOL("nographics_allow_host_audio", cfg->nogfxAllowHostAudio);
	52	+ GET_VALUE_LONG("vnc_acl", cfg->vncACL);
	53
	54	p = virConfGetValue(conf, "security_driver");
	55	if (p && p->type == VIR_CONF_LIST) {
	56	--- libvirt-1.0.3/src/qemu/qemu_conf.h.orig 2013-03-09 13:10:30.059751685 +0100
	57	+++ libvirt-1.0.3/src/qemu/qemu_conf.h 2013-03-09 13:54:17.296308093 +0100
	58	@@ -102,6 +102,7 @@
	59	bool vncTLS;
	60	bool vncTLSx509verify;
	61	bool vncSASL;
	62	+ bool vncACL;
	63	char *vncTLSx509certdir;
	64	char *vncListen;
	65	char *vncPassword;