On Tue, Mar 27, 2012 at 10:17:02AM +0100, Daniel P. Berrange wrote:
On Mon, Mar 26, 2012 at 09:31:44PM +0200, Stef Walter wrote:
> In the GNOME UI we'd like to make use of Avahi discovery and name
> resolution "out of the box". A typical use case is for discovery of
> printers that are advertised using MDNS. This should work even on
> potentially 'hostile' networks such as a wireless access point in a
> print shop or airport. It should work without user configuration.
>
>
https://fedoraproject.org/wiki/Desktop/Whiteboards/AvahiDefault
>
> In order to turn on Avahi by default, and make it work by default,
> we'd like to make it possible to use Avahi without advertising any
> information to the network by default. Advertising information to
> the network (even the host name) without the user's configuration or
> consent is a privacy issue.
>
> libvirtd advertises itself via MDNS on the network by default. I
> understand that MDNS discovery of libvirtd is really handy in many
> cases.
>
> However since one has to configure network access in libvirtd anyway
> -- none of the access methods work "out of the box" to my
> understanding -- I'd like to suggest turning off libvirtd's MDNS
> publishing by default. As part of setting up libvirtd for network
> access, the user would turn on mdns_adv.
Actually, it is possible to remotely connect to any libvirtd instance
using an SSH tunnel, which works out of the box. Only the direct,
non-tunnelled TLS/SASL based connections require manual setup.
But since, IIUC, the default Fedora firewall setup blocks mDNS,
it still wouldn't work out of the box.
> I hope that makes sense. Let me know if I've gotten something wrong.
>
> Would you accept a patch to do this? Or would you suggest that we
> try and do this downstream in the Fedora/RHEL packages instead?
Our policy for Fedora / RHEL is to not change upstream behaviour, so this
kind of policy decision should be resolved here.
While apps like virt-manager do have the ability to use mDNS to locate
remote libvirtd servers, my gut feeling is that it is probably rarely
used. So given the need to tradeoff off out of the box usability against
privacy concerns, I think we could probably say turning off mDNS by
default is acceptable.
What do others think ?