On 05/07/2012 09:53 AM, Eric Blake wrote:
On 05/07/2012 06:33 AM, Alon Levy wrote:
> qemu's behavior in this case is to change the spice server behavior to
> require secure connection to any channel not otherwise specified as
> being in plaintext mode. libvirt doesn't currently allow requesting this
> (via plaintext-channel=<channel name>).
>
> RHBZ: 819499
>
> Signed-off-by: Alon Levy <alevy(a)redhat.com>
> ---
> src/conf/domain_conf.c | 3 ++-
> src/conf/domain_conf.h | 1 +
> 2 files changed, 3 insertions(+), 1 deletion(-)
Same complaints as for 1/2 (docs, RNG schema, tests). Also, is it ever
valid to mark the default channel for plaintext (meaning all channels
not marked secure are plaintext), or must it only be permitted for
secure channels?
Here's one of the existing tests:

tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.xml

<graphics type='spice' port='5903' tlsPort='5904'
          autoport='no'
          listen='127.0.0.1'>
  <listen type='address' address='127.0.0.1'/>
  <channel name='main' mode='secure'/>
  <channel name='inputs' mode='insecure'/>

I'm wondering if rather than adding a new <channel name='default'
mode='.../'>, it might make more sense to hoist the default channel
security mode up one element. Something like:

<graphics type='spice' default_mode='secure' ...>
  <channel name='main' mode='secure'/> <!-- redundant -->
  <channel name='inputs' mode='insecure'/> <!-- override default -->
  <channel name='usbredir'/> <!-- defaults to secure due to <graphics> -->

While it is obvious that usbredir must be a valid channel name, it's not
as obvious about 'default' being a channel name (since it is really more
of the catchall for all other channels not explicitly listed).
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org
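
Added example (not part of the original message and not libvirt code): a small resolver showing how the hoisted default suggested above would determine each SPICE channel's effective mode, and which channels would not be forced onto TLS. The attribute name default_mode is the spelling used in the message, the 'unspecified' label and the function names are made up for this illustration, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout proposed in the message above. The attribute
# name 'default_mode' is that proposal's spelling, not a confirmed libvirt schema.
SAMPLE = """<graphics type='spice' port='5903' tlsPort='5904' default_mode='secure'>
  <channel name='main' mode='secure'/>
  <channel name='inputs' mode='insecure'/>
  <channel name='usbredir'/>
</graphics>"""

MODES = {"secure", "insecure"}  # the two mode values that appear in the thread


def effective_modes(xml_text, channels=("main", "inputs", "usbredir")):
    """Map channel name -> (mode, source); source is 'explicit' or 'default'."""
    graphics = ET.fromstring(xml_text)
    if graphics.tag != "graphics" or graphics.get("type") != "spice":
        raise ValueError("expected a <graphics type='spice'> element")
    default = graphics.get("default_mode")
    if default is not None and default not in MODES:
        raise ValueError(f"invalid default_mode {default!r}")
    # With no default given, report 'unspecified' (a label made up for this
    # example) instead of guessing what the hypervisor would do.
    fallback = (default or "unspecified", "default")
    resolved = {name: fallback for name in channels}
    seen = set()
    for channel in graphics.findall("channel"):
        name, mode = channel.get("name"), channel.get("mode")
        if not name or name in seen:
            raise ValueError(f"missing or duplicate channel name: {name!r}")
        seen.add(name)
        if mode is None:
            resolved[name] = fallback            # listed, but inherits the default
        elif mode in MODES:
            resolved[name] = (mode, "explicit")  # per-channel override wins
        else:
            raise ValueError(f"invalid mode {mode!r} on channel {name!r}")
    return resolved


def not_forced_secure(xml_text):
    """Channels whose effective mode is anything other than 'secure'."""
    return sorted(n for n, (m, _) in effective_modes(xml_text).items() if m != "secure")


if __name__ == "__main__":
    for name, (mode, source) in effective_modes(SAMPLE).items():
        print(f"{name:10s} {mode:12s} ({source})")
    print("not forced to TLS:", not_forced_secure(SAMPLE))
```

Removing default_mode from the sample makes usbredir resolve to 'unspecified', which is the case a configuration review would want surfaced rather than silently assumed.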