On Mon, May 24, 2010 at 10:56:39AM -0400, Cole Robinson wrote:
On 05/24/2010 10:31 AM, Daniel P. Berrange wrote:
> On Mon, May 24, 2010 at 10:26:43AM -0400, Cole Robinson wrote:
>> On 05/24/2010 10:14 AM, Daniel P. Berrange wrote:
>>> On Thu, May 20, 2010 at 12:04:04PM -0400, Cole Robinson wrote:
>>>> Currently all host audio backends are disabled if a VM is using VNC, in
>>>> favor of the QEMU VNC audio extension. Unfortunately no released VNC
>>>> client supports this extension, so users have no way of getting audio
>>>> to work if using VNC.
>>>>
>>>> Add a new config option in qemu.conf which allows changing libvirt's
>>>> behavior, but keep the default intact.
>>>>
>>>> Signed-off-by: Cole Robinson <crobinso(a)redhat.com>
>>>> ---
>>>> src/qemu/qemu.conf | 10 ++++++++++
>>>> src/qemu/qemu_conf.c | 17 ++++++++++++-----
>>>> src/qemu/qemu_conf.h | 2 ++
>>>> 3 files changed, 24 insertions(+), 5 deletions(-)
>>>>
>>>> diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
>>>> index 3da332f..fec946d 100644
>>>> --- a/src/qemu/qemu.conf
>>>> +++ b/src/qemu/qemu.conf
>>>> @@ -168,3 +168,13 @@
>>>> # be assigned to guests.
>>>> #
>>>> # relaxed_acs_check = 1
>>>> +
>>>> +
>>>> +# QEMU implements anextension for providing audio over a VNC
connection,
>>>> +# though if your VNC client does not support it, your only chance for
getting
>>>> +# sound output is through regular audio backends. By default, libvirt
will
>>>> +# disable all QEMU sound backends if using VNC, since they can cause
>>>> +# permissions issues. Enabling this option will make libvirtd honor
the
>>>> +# QEMU_AUDIO_DRV environment variable when using VNC.
>>>> +#
>>>> +# vnc_enable_audio_backend = 0
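Review bot: the new comment block documents only the QEMU_AUDIO_DRV side of the switch; it should also state that flipping it has no effect unless the emulator user can open the /dev/snd/* nodes (the thread's own observation), since "since they can cause permissions issues" is the only hint at that prerequisite and an admin reading qemu.conf will otherwise expect sound to simply start working. Two smaller points in the same lines: "anextension" should be "an extension", and the option name should match whatever the final name becomes (vnc_allow_host_audio is proposed in the reply) so the comment and the parser key do not drift apart.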
>>>
>>> I think this would be better named as 'vnc_allow_host_audio'
>>> since its not toggling VNC audio, just whether it is allowed
>>> to use the host audio drivers.
>>>
>>
>> Okay, I'll change and resend.
>>
>>> NB, even with this toggled things are unlikely to magically
>>> 'just work'. If QEMU is running as 'qemu' user ID, that user
>>> won't have any permissions to use /dev/snd/* devices. And
>>> if running as 'root' then pulseaudio won't autospawn so will
>>> need to be run manually.
>>>
>>
>> Right. Currently getting sound to work in Fedora is a big pain, and
>> there have been quite a few user complaints. I'm going to write up a
>> 'known bug' page, documenting a workaround of qemu.conf user/group =
>> $USER to fix the issue, but this patch will still need to be backported.
>
> I'd really recommend against telling people to configure libvirt to run
> the guests as their own $USER because that'll open a huge can of worms.
>
What exactly are the downsides, besides the security implications? It
should exercise all the same code as user/group = 'qemu', but solves
issues like:
- Making sure emulator user can access $HOME for install media
- Audio
- PTY access
- SDL (if someone insists on it)
In the context of desktop usage, these problems are all the result
of using the qemu:///system driver instead of the session driver.
We've not historically used the session driver, because it can't
setup a TAP device for guests out of the box. If we're going down
the route of manually post-install config steps as root, then instead
of changing libvirtd config, we'd be better off doing the manual
config step to allow TAP device access to $USER. This approach is
aligned with our driver design for qemu://session being the per
user bus, as opposed to hacking qemu://system to do something it
was never intended to support.
Independently of this, those 4 problems above can also be addressed
for the system driver while maintaining the proper privilege
separation. Audio access by fixing GTK-VNC. PTY access by using the
libvirt streams API. SDL access by pointing it to the users'
xauth file (and setting an ACL on xauth to allow qemu to read it).
Install media by adding libvirt APIs to upload a kernel+initrd or
boot.iso to the appropriate location. This is again aligned with our
design of the system instance being highly privileged, but separated
from any other accounts on the host.
> Better to tell them to add an ACL to /dev/snd/* using setfacl to add the
> qemu user to the ACL for the sound card, or drop in a udev rule to do the
> same.
>
I'll try that out, but I wonder whether my local user will actually hear that
sound? Will the audio go to my pulseaudio session?
This will cause another pulseaudio daemon to open the sound device and play
directly, it shouldn't need to connect to the user's own pulse daemon. If
PA isn't in use, then QEMU will just try to access the sound card directly.
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
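The setfacl/udev approach recommended above, as an added example that is not part of this thread or of the libvirt project: shell functions that emit a persistent udev rule, apply the ACL to the existing /dev/snd/* nodes (with a dry-run mode), and verify it with getfacl. It assumes the emulator account is named `qemu` and that the acl tools (setfacl/getfacl) are installed.

```sh
#!/bin/sh
# Grant a fixed system user rw access to the host sound devices via POSIX ACLs,
# instead of running guests as the desktop user's UID. (Added example; the
# user name "qemu" and the tool paths are assumptions.)

# Print a udev rule that adds an ACL entry for user $1 whenever a sound device
# node appears. Save the output under /etc/udev/rules.d/ to make it persistent.
snd_acl_udev_rule() {
    user="$1"
    printf 'SUBSYSTEM=="sound", KERNEL=="controlC*|pcmC*|timer|seq", ACTION=="add", RUN+="/usr/bin/setfacl -m u:%s:rw $env{DEVNAME}"\n' "$user"
}

# Apply the ACL for user $1 to every node below $2 (default /dev/snd).
# With SND_ACL_DRY_RUN=1 the setfacl commands are printed instead of run, so
# the function can be exercised on a constructed directory without root.
snd_acl_apply() {
    user="$1"; snddir="${2:-/dev/snd}"; rc=0
    for dev in "$snddir"/*; do
        [ -e "$dev" ] || continue
        if [ "${SND_ACL_DRY_RUN:-0}" = 1 ]; then
            echo "setfacl -m u:$user:rw $dev"
        else
            setfacl -m "u:$user:rw" "$dev" || rc=1
        fi
    done
    return $rc
}

# Verify that user $1 has an rw ACL entry on every node below $2; getfacl
# prints such entries as "user:<name>:rw-". Returns 1 on the first miss.
snd_acl_check() {
    user="$1"; snddir="${2:-/dev/snd}"
    for dev in "$snddir"/*; do
        [ -e "$dev" ] || continue
        getfacl -p "$dev" 2>/dev/null | grep -q "^user:$user:rw" \
            || { echo "no rw ACL for $user on $dev" >&2; return 1; }
    done
    return 0
}
```

Run `snd_acl_apply qemu` once as root for the nodes that already exist, and install the rule from `snd_acl_udev_rule qemu` so newly created nodes get the same entry.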