diff mbox

[2/2] qemu: Add qemu.conf option spice_auto_unix_socket

Message ID 4f00f6011d5f4c0aab231aed63fc485fa0799156.1458602208.git.crobinso@redhat.com
State New
Headers show

Commit Message

Cole Robinson March 21, 2016, 11:30 p.m. UTC 
Similar to vnc_auto_unix_socket, this option tells libvirt to allocate
a listening socket path for default <graphics type='spice'/> config,
taking precedence over spice_listen.

https://bugzilla.redhat.com/show_bug.cgi?id=1043919
---
 src/qemu/libvirtd_qemu.aug                         |  1 +
 src/qemu/qemu.conf                                 | 11 +++++++++
 src/qemu/qemu_command.c                            | 13 ++++++++---
 src/qemu/qemu_conf.c                               |  1 +
 src/qemu/qemu_conf.h                               |  1 +
 src/qemu/test_libvirtd_qemu.aug.in                 |  1 +
 .../qemuxml2argv-graphics-spice-unix-auto.args     | 21 +++++++++++++++++
 .../qemuxml2argv-graphics-spice-unix-auto.xml      | 27 ++++++++++++++++++++++
 tests/qemuxml2argvtest.c                           |  6 +++++
 9 files changed, 79 insertions(+), 3 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-unix-auto.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-unix-auto.xml

-- 
2.5.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
diff mbox

Patch

diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index b6f6dc4..49d59ad 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -40,6 +40,7 @@  module Libvirtd_qemu =
                  | str_entry "spice_password"
                  | bool_entry "spice_sasl"
                  | str_entry "spice_sasl_dir"
+                 | bool_entry "spice_auto_unix_socket"
 
    let nogfx_entry = bool_entry "nographics_allow_host_audio"
 
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 4fa5e8a..cd0a614 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -156,6 +156,17 @@ 
 #spice_sasl_dir = "/some/directory/sasl2"
 
 
+# Enable this option to have SPICE served over an automatically created
+# unix socket. This prevents unprivileged access from users on the
+# host machine.
+#
+# This will only be enabled for SPICE configurations that do not have
+# a hardcoded 'listen' or 'socket' value. This setting takes preference
+# over spice_listen.
+#
+#spice_auto_unix_socket = 1
+
+
 # By default, if no graphical front end is configured, libvirt will disable
 # QEMU audio output since directly talking to alsa/pulseaudio may not work
 # with various security settings. If you know what you're doing, enable
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 8a5baf5..d2bfae6 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -7370,7 +7370,8 @@  static int
 qemuBuildGraphicsSPICECommandLine(virQEMUDriverConfigPtr cfg,
                                   virCommandPtr cmd,
                                   virQEMUCapsPtr qemuCaps,
-                                  virDomainGraphicsDefPtr graphics)
+                                  virDomainGraphicsDefPtr graphics,
+                                  const char *domainLibDir)
 {
     virBuffer opt = VIR_BUFFER_INITIALIZER;
     const char *listenNetwork;
@@ -7411,7 +7412,12 @@  qemuBuildGraphicsSPICECommandLine(virQEMUDriverConfigPtr cfg,
         /* TODO: Support ACLs later */
     }
 
-    if (graphics->data.spice.socket) {
+    if (graphics->data.spice.socket || cfg->spiceAutoUnixSocket) {
+        if (!graphics->data.spice.socket &&
+            virAsprintf(&graphics->data.spice.socket,
+                        "%s/spice.sock", domainLibDir) == -1)
+            goto error;
+
         virBufferAsprintf(&opt, "unix,addr=%s,", graphics->data.spice.socket);
     } else if (port > 0 || tlsPort > 0) {
         switch (virDomainGraphicsListenGetType(graphics, 0)) {
@@ -7653,7 +7659,8 @@  qemuBuildGraphicsCommandLine(virQEMUDriverConfigPtr cfg,
                                                graphics, domainLibDir);
 
     case VIR_DOMAIN_GRAPHICS_TYPE_SPICE:
-        return qemuBuildGraphicsSPICECommandLine(cfg, cmd, qemuCaps, graphics);
+        return qemuBuildGraphicsSPICECommandLine(cfg, cmd, qemuCaps,
+                                                 graphics, domainLibDir);
 
     case VIR_DOMAIN_GRAPHICS_TYPE_RDP:
     case VIR_DOMAIN_GRAPHICS_TYPE_DESKTOP:
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 77ef4fe..ac9e275 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -587,6 +587,7 @@  int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
     GET_VALUE_STR("spice_sasl_dir", cfg->spiceSASLdir);
     GET_VALUE_STR("spice_listen", cfg->spiceListen);
     GET_VALUE_STR("spice_password", cfg->spicePassword);
+    GET_VALUE_BOOL("spice_auto_unix_socket", cfg->spiceAutoUnixSocket);
 
 
     GET_VALUE_ULONG("remote_websocket_port_min", cfg->webSocketPortMin);
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index a714b84..c94bf13 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -123,6 +123,7 @@  struct _virQEMUDriverConfig {
     char *spiceSASLdir;
     char *spiceListen;
     char *spicePassword;
+    bool spiceAutoUnixSocket;
 
     int remotePortMin;
     int remotePortMax;
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in
index 8bec743..d09ecd3 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -17,6 +17,7 @@  module Test_libvirtd_qemu =
 { "spice_password" = "XYZ12345" }
 { "spice_sasl" = "1" }
 { "spice_sasl_dir" = "/some/directory/sasl2" }
+{ "spice_auto_unix_socket" = "1" }
 { "nographics_allow_host_audio" = "1" }
 { "remote_display_port_min" = "5900" }
 { "remote_display_port_max" = "65535" }
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-unix-auto.args b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-unix-auto.args
new file mode 100644
index 0000000..7f54855
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-unix-auto.args
@@ -0,0 +1,21 @@ 
+LC_ALL=C \
+PATH=/bin \
+HOME=/home/test \
+USER=test \
+LOGNAME=test \
+QEMU_AUDIO_DRV=spice \
+/usr/bin/qemu \
+-name QEMUGuest1 \
+-S \
+-M pc \
+-m 214 \
+-smp 1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-nodefaults \
+-monitor unix:/tmp/lib/domain--1-QEMUGuest1/monitor.sock,server,nowait \
+-no-acpi \
+-boot c \
+-spice unix,addr=/tmp/lib/domain--1-QEMUGuest1/spice.sock \
+-vga qxl \
+-global qxl-vga.ram_size=67108864 \
+-global qxl-vga.vram_size=33554432
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-unix-auto.xml b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-unix-auto.xml
new file mode 100644
index 0000000..7378be8
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-unix-auto.xml
@@ -0,0 +1,27 @@ 
+<domain type='qemu'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit='KiB'>219136</memory>
+  <currentMemory unit='KiB'>219136</currentMemory>
+  <vcpu placement='static'>1</vcpu>
+  <os>
+    <type arch='i686' machine='pc'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu</emulator>
+    <controller type='usb' model='none' index='0'/>
+    <controller type='pci' index='0' model='pci-root'/>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <graphics type='spice'/>
+    <video>
+      <model type='qxl' ram='65536' vram='32768' vgamem='8192' heads='1'/>
+    </video>
+    <memballoon model='none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 76b64bd..15dde3d 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -994,6 +994,12 @@  mymain(void)
             QEMU_CAPS_VGA_QXL,
             QEMU_CAPS_SPICE,
             QEMU_CAPS_DEVICE_QXL);
+    driver.config->spiceAutoUnixSocket = true;
+    DO_TEST("graphics-spice-unix-auto",
+            QEMU_CAPS_VGA_QXL,
+            QEMU_CAPS_SPICE,
+            QEMU_CAPS_DEVICE_QXL);
+    driver.config->spiceAutoUnixSocket = false;
 
     DO_TEST("input-usbmouse", NONE);
     DO_TEST("input-usbtablet", NONE);