Re: [libvirt] [PATCH] Don't add SPICE TLS channels when TLS is disabled
On Wed, Feb 15, 2012 at 09:59:57AM -0500, Dave Allan wrote:
On Wed, Feb 15, 2012 at 10:08:24AM +0100, Christophe Fergeau wrote:
> On Tue, Feb 14, 2012 at 02:10:37PM -0700, Eric Blake wrote:
> > Meta-question - if the XML requests secure, but TLS is disabled, should
> > we instead be failing to start the domain with a complaint that we can't
> > honor the XML?
>
> Meta-non-answer, when a TLS port is set but TLS is disabled in the config
> file, it's silently ignored:
What value does allowing TLS configuration in qemu.conf add? That
seems wrong to me because it creates the possibility of the kind of
ambiguity discovered here. Shouldn't the domain XML be the only
required statement of the user's intent?
It enables you to turn on TLS for all guests, regardless of the
domain XML configuration, which is a desirable policy control
knob for a host level administrator to have.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|