On Mon, Jun 13, 2011 at 11:05:10AM -0600, Eric Blake wrote:
From: Marc-André Lureau <marcandre.lureau@redhat.com>
From a security pov copy and paste between the guest and the client is not always desirable. So we need to be able to enable/disable this. The best place to do this from an administration pov is on the hypervisor, so the qemu cmdline is getting a spice disable-copy-paste option, see bug 693645. Example qemu invocation: qemu -spice port=5932,disable-ticketing,disable-copy-paste
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 98fb2b4..61af08e 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -1833,7 +1833,7 @@ qemu-kvm -net nic,model=? /dev/null and <span class="since">since 0.8.8</span>: <code>smartcard</code>. </p> <pre> - <graphics type='spice' port='-1' tlsPort='-1' autoport='yes'> + <graphics type='spice' port='-1' tlsPort='-1' autoport='yes' disableCopyPaste='no'> <channel name='main' mode='secure'/> <channel name='record' mode='insecure'/> <image compression='auto_glz'/> @@ -1862,6 +1862,12 @@ qemu-kvm -net nic,model=? /dev/null of <code>filter</code>, <code>all</code> or <code>off</code>, <span class="since">since 0.9.2</span>. </p> + <p> + Copy & Paste from guest to client (via Spice agent) + can be disabled by setting + the <code>disableCopyPaste</code> property + to <code>yes</code>, <span class="since">since 0.9.2</span>. + </> </dd> <dt><code>"rdp"</code></dt> <dd>
Other tunable parameters like this are being done as child elements inside <graphics>, eg the image compression parameters. I think that would be more desirable than adding this as an attribute. It is also nice to avoid double negatives like disableCopyPaste=no So how about <graphics> <clipboard copypaste='yes|no'> </graphics> defaulting to 'yes' if omitted if back compat of course. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|