
On Wed, Jan 12, 2011 at 12:32:43PM -0500, Cole Robinson wrote:
QEMU supports serving VNC over a unix domain socket rather than traditional TCP host/port. This is specified with:
    <graphics type='vnc' socket='/foo/bar/baz'/>

This provides better security access control than VNC listening on 127.0.0.1, but will cause issues with tools that rely on the lax security (virt-manager in Fedora runs as a regular user by default, and wouldn't be able to access a socket owned by 'qemu' or 'root').
Also not currently supported by any clients, though I have patches for virt-manager, and virt-viewer should be simple to update.
v2: schema: Make listen vs. socket a <choice>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
 docs/formatdomain.html.in | 6 ++-
 docs/schemas/domain.rng | 47 +++++++++++-------
 src/conf/domain_conf.c | 30 +++++++----
 src/conf/domain_conf.h | 1 +
 src/qemu/qemu_command.c | 52 +++++++++++++-------
 src/qemu/qemu_driver.c | 1 +
 tests/qemuargv2xmltest.c | 1 +
 .../qemuxml2argv-graphics-vnc-socket.args | 1 +
 .../qemuxml2argv-graphics-vnc-socket.xml | 30 +++++++++++
 tests/qemuxml2argvtest.c | 1 +
 10 files changed, 122 insertions(+), 48 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-socket.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-socket.xml

ACK

My only thought would be whether 'socket' is the best name. Perhaps 'sockpath' or 'path' would be better, but it's not a big deal?

Daniel