Re: [libvirt] [PATCH] Don't add SPICE TLS channels when TLS is disabled
On 02/15/2012 09:36 AM, Christophe Fergeau wrote:
On Wed, Feb 15, 2012 at 03:10:47PM +0000, Daniel P. Berrange wrote:
> It enables you to turn on TLS for all guests, regardless of the
> domain XML configuration, which is a desirable policy control
> knob for a host level administrator to have.
I'm under the impression that it's doing the opposite in the SPICE case,
but maybe I haven't been looking in the right place (qemu_command.c)
Is this a case where adding a third mode in libvirt XML might make sense?
mode='insecure' => don't bother with security, regardless of qemu.conf
mode='secure' => use security if tls is available in qemu.conf, but
silently fall back to insecure
mode='mandatory-secure' => use security, and error out if qemu.conf
disabled tls
Or am I confusing things?
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 620 bytes)