Having looked through this, I'm thinking that the simplest thing that
would be useful at the moment is simply to have an option in
the /etc/libvirt/qemu.conf that adds the acl option to the vnc switch in
qemu.
It means that user will have to manipulate the acls directly via the
monitor command for the time being until the access layer is designed,
but at least you would be able to use acls on a machine launched by
libvirt ('change vnc' doesn't appear to activate acls unless the option
is active on the command line to start with.).
I can't find a way of doing it with 'qemu:commandline' either - since it
is an option to an existing switch.
So I'm thinking a new option in qemu.conf (vnc_acl) which would add
',acl' to the vnc switch on the qemu command. By default this would bar
access to VNC until you'd issued monitor commands to manipulate the
access lists.
The option only really makes sense if either vnc_tls_x509_verify or
vnc_sasl is set as well, so it may be worth only activating 'acl' in the
code if either of those two are also on.
My preliminary tests show that it is ignored by RHEL5's default qemu-kvm
much as it ignores SASL and that it is works as expected on RHEL6.
If this sounds useful, I'm happy to code it up.
Thoughts?
Rgs
Neil