]>
Commit | Line | Data |
---|---|---|
3f6c4997 JR |
1 | From: Neil Wilson <neil@brightbox.co.uk> |
2 | To: libvir-list@redhat.com | |
3 | Date: Mon, 10 Jan 2011 09:52:56 +0000 | |
4 | Message-ID: <1294653176.3013.16.camel@lenovo-3000-n100> | |
5 | ||
6 | Hi, | |
7 | ||
8 | Here's the patch to add basic ACL support to QEMU within libvirt. Like | |
9 | SASL it's ignored by RHEL5's default qemu. Newer qemu picks it up as | |
10 | expected and you can manipulate the acls using 'virsh'. | |
11 | ||
12 | ||
13 | diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf | |
14 | index ba41f80..7ab5eee 100644 | |
15 | --- a/src/qemu/qemu.conf | |
16 | +++ b/src/qemu/qemu.conf | |
17 | @@ -71,6 +71,15 @@ | |
18 | # vnc_sasl = 1 | |
19 | ||
20 | ||
21 | +# Enable the VNC access control lists. When switched on this will | |
22 | +# initially block all vnc users from accessing the vnc server. To | |
23 | +# add and remove ids from the ACLs you will need to send the appropriate | |
24 | +# commands to the qemu monitor as required by your particular version of | |
25 | +# QEMU. See the QEMU documentation for more details. | |
26 | +# | |
27 | +# vnc_acl = 1 | |
28 | + | |
29 | + | |
30 | # The default SASL configuration file is located in /etc/sasl/ | |
31 | # When running libvirtd unprivileged, it may be desirable to | |
32 | # override the configs in this location. Set this parameter to | |
c4db1ab9 JB |
33 | --- libvirt-1.0.6/src/qemu/qemu_command.c.orig 2013-06-16 15:45:37.115181922 +0200 |
34 | +++ libvirt-1.0.6/src/qemu/qemu_command.c 2013-06-16 15:47:49.335179175 +0200 | |
35 | @@ -6178,6 +6178,10 @@ | |
3f6c4997 | 36 | |
c4db1ab9 | 37 | /* TODO: Support ACLs later */ |
3f6c4997 | 38 | } |
c4db1ab9 JB |
39 | + |
40 | + if (cfg->vncACL) | |
41 | + virBufferAddLit(&opt, ",acl"); | |
42 | + | |
43 | } | |
3f6c4997 | 44 | |
c4db1ab9 | 45 | virCommandAddArg(cmd, "-vnc"); |
49f89de0 JB |
46 | --- libvirt-1.1.3/src/qemu/qemu_conf.c.orig 2013-10-22 20:38:43.522043292 +0200 |
47 | +++ libvirt-1.1.3/src/qemu/qemu_conf.c 2013-10-22 20:45:19.515360007 +0200 | |
48 | @@ -357,6 +357,7 @@ | |
7dbd1599 JB |
49 | GET_VALUE_STR("vnc_sasl_dir", cfg->vncSASLdir); |
50 | GET_VALUE_BOOL("vnc_allow_host_audio", cfg->vncAllowHostAudio); | |
49f89de0 | 51 | GET_VALUE_BOOL("nographics_allow_host_audio", cfg->nogfxAllowHostAudio); |
7dbd1599 | 52 | + GET_VALUE_LONG("vnc_acl", cfg->vncACL); |
3f6c4997 | 53 | |
4ef34a20 JB |
54 | p = virConfGetValue(conf, "security_driver"); |
55 | if (p && p->type == VIR_CONF_LIST) { | |
7dbd1599 JB |
56 | --- libvirt-1.0.3/src/qemu/qemu_conf.h.orig 2013-03-09 13:10:30.059751685 +0100 |
57 | +++ libvirt-1.0.3/src/qemu/qemu_conf.h 2013-03-09 13:54:17.296308093 +0100 | |
58 | @@ -102,6 +102,7 @@ | |
59 | bool vncTLS; | |
60 | bool vncTLSx509verify; | |
61 | bool vncSASL; | |
62 | + bool vncACL; | |
3f6c4997 JR |
63 | char *vncTLSx509certdir; |
64 | char *vncListen; | |
65 | char *vncPassword; |