From patchwork Mon Mar 21 23:30:45 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cole Robinson X-Patchwork-Id: 64146 Delivered-To: patch@linaro.org Received: by 10.112.199.169 with SMTP id jl9csp1730079lbc; Mon, 21 Mar 2016 16:34:46 -0700 (PDT) X-Received: by 10.55.55.138 with SMTP id e132mr43291740qka.11.1458603286320; Mon, 21 Mar 2016 16:34:46 -0700 (PDT) Return-Path: Received: from mx5-phx2.redhat.com (mx5-phx2.redhat.com. [209.132.183.37]) by mx.google.com with ESMTPS id l10si26124293qgf.61.2016.03.21.16.34.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 21 Mar 2016 16:34:46 -0700 (PDT) Received-SPF: pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.37 as permitted sender) client-ip=209.132.183.37; Authentication-Results: mx.google.com; spf=pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.37 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by mx5-phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u2LNVjOE036135; Mon, 21 Mar 2016 19:31:45 -0400 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id u2LNUsN0032504 for ; Mon, 21 Mar 2016 19:30:54 -0400 Received: from colepc.redhat.com (ovpn-113-66.phx2.redhat.com [10.3.113.66]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u2LNUq21012675; Mon, 21 Mar 2016 19:30:53 -0400 
From: Cole Robinson To: libvirt-list@redhat.com Date: Mon, 21 Mar 2016 19:30:45 -0400 Message-Id: <4f00f6011d5f4c0aab231aed63fc485fa0799156.1458602208.git.crobinso@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-loop: libvir-list@redhat.com Cc: Christophe Fergeau Subject: [libvirt] [PATCH 2/2] qemu: Add qemu.conf option spice_auto_unix_socket X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com Similar to vnc_auto_unix_socket, this option tells libvirt to allocate a listening socket path for default config, taking precedence over spice_listen. https://bugzilla.redhat.com/show_bug.cgi?id=1043919 --- src/qemu/libvirtd_qemu.aug | 1 + src/qemu/qemu.conf | 11 +++++++++ src/qemu/qemu_command.c | 13 ++++++++--- src/qemu/qemu_conf.c | 1 + src/qemu/qemu_conf.h | 1 + src/qemu/test_libvirtd_qemu.aug.in | 1 + .../qemuxml2argv-graphics-spice-unix-auto.args | 21 +++++++++++++++++ .../qemuxml2argv-graphics-spice-unix-auto.xml | 27 ++++++++++++++++++++++ tests/qemuxml2argvtest.c | 6 +++++ 9 files changed, 79 insertions(+), 3 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-unix-auto.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-unix-auto.xml -- 2.5.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index b6f6dc4..49d59ad 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -40,6 +40,7 @@ module Libvirtd_qemu =
 | str_entry "spice_password"
 | bool_entry "spice_sasl"
 | str_entry "spice_sasl_dir"
+ | bool_entry "spice_auto_unix_socket"
 let nogfx_entry = bool_entry "nographics_allow_host_audio"
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 4fa5e8a..cd0a614 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -156,6 +156,17 @@
 #spice_sasl_dir = "/some/directory/sasl2"
+# Enable this option to have SPICE served over an automatically created
+# unix socket. This prevents unprivileged access from users on the
+# host machine.
+#
+# This will only be enabled for SPICE configurations that do not have
+# a hardcoded 'listen' or 'socket' value. This setting takes preference
+# over spice_listen.
+#
+#spice_auto_unix_socket = 1
+
+
 # By default, if no graphical front end is configured, libvirt will disable
 # QEMU audio output since directly talking to alsa/pulseaudio may not work
 # with various security settings. If you know what you're doing, enable
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 8a5baf5..d2bfae6 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -7370,7 +7370,8 @@ static int
 qemuBuildGraphicsSPICECommandLine(virQEMUDriverConfigPtr cfg,
 virCommandPtr cmd,
 virQEMUCapsPtr qemuCaps,
- virDomainGraphicsDefPtr graphics)
+ virDomainGraphicsDefPtr graphics,
+ const char *domainLibDir)
 {
 virBuffer opt = VIR_BUFFER_INITIALIZER;
 const char *listenNetwork;
@@ -7411,7 +7412,12 @@ qemuBuildGraphicsSPICECommandLine(virQEMUDriverConfigPtr cfg,
 /* TODO: Support ACLs later */
 }
- if (graphics->data.spice.socket) {
+ if (graphics->data.spice.socket || cfg->spiceAutoUnixSocket) {
+ if (!graphics->data.spice.socket &&
+ virAsprintf(&graphics->data.spice.socket,
+ "%s/spice.sock", domainLibDir) == -1)
+ goto error;
+
 virBufferAsprintf(&opt, "unix,addr=%s,", graphics->data.spice.socket);
 } else if (port > 0 || tlsPort > 0) {
 switch (virDomainGraphicsListenGetType(graphics, 0)) {
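Review bot: In the src/qemu/qemu.conf hunk, the sentence "This prevents unprivileged access from users on the host machine" reads as an unconditional guarantee, but what this patch does is place the socket at `<domainLibDir>/spice.sock`; who can connect is then decided by the ownership and mode of that directory and of the socket, which are set outside this diff. I would word it as `# unix socket. Access is then limited by the filesystem permissions on the per-domain directory that holds the socket.` so an administrator knows what to audit. A small wording nit in the same comment: "takes preference over" should read "takes precedence over".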
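Review bot: In the second src/qemu/qemu_command.c hunk, the new condition `graphics->data.spice.socket || cfg->spiceAutoUnixSocket` takes the unix-socket branch for every SPICE device once the option is on, while the qemu.conf text added by this same patch says the option applies only to configurations without a hardcoded 'listen' or 'socket' value. Nothing in the visible lines looks at the listen configuration before the `else if (port > 0 || tlsPort > 0)` branch is skipped, so a guest whose XML asks for a TCP listener would presumably lose it without any message; the function body starts and ends outside the hunk, so a check elsewhere cannot be ruled out. Either gate the auto path on the absence of an explicit listen, or state the override where it happens, e.g. `/* spice_auto_unix_socket overrides any listen address/port from the XML */`, and correct the qemu.conf wording to match. The generated path is also written into `graphics->data.spice.socket`, so later code cannot tell it from a user-supplied socket; that deserves a one-line comment if it is intended.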
@@ -7653,7 +7659,8 @@ qemuBuildGraphicsCommandLine(virQEMUDriverConfigPtr cfg,
 graphics, domainLibDir);
 case VIR_DOMAIN_GRAPHICS_TYPE_SPICE:
- return qemuBuildGraphicsSPICECommandLine(cfg, cmd, qemuCaps, graphics);
+ return qemuBuildGraphicsSPICECommandLine(cfg, cmd, qemuCaps,
+ graphics, domainLibDir);
 case VIR_DOMAIN_GRAPHICS_TYPE_RDP:
 case VIR_DOMAIN_GRAPHICS_TYPE_DESKTOP:
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 77ef4fe..ac9e275 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -587,6 +587,7 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
 GET_VALUE_STR("spice_sasl_dir", cfg->spiceSASLdir);
 GET_VALUE_STR("spice_listen", cfg->spiceListen);
 GET_VALUE_STR("spice_password", cfg->spicePassword);
+ GET_VALUE_BOOL("spice_auto_unix_socket", cfg->spiceAutoUnixSocket);
 GET_VALUE_ULONG("remote_websocket_port_min", cfg->webSocketPortMin);
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index a714b84..c94bf13 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -123,6 +123,7 @@ struct _virQEMUDriverConfig {
 char *spiceSASLdir;
 char *spiceListen;
 char *spicePassword;
+ bool spiceAutoUnixSocket;
 int remotePortMin;
 int remotePortMax;
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in
index 8bec743..d09ecd3 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -17,6 +17,7 @@ module Test_libvirtd_qemu =
 { "spice_password" = "XYZ12345" }
 { "spice_sasl" = "1" }
 { "spice_sasl_dir" = "/some/directory/sasl2" }
+{ "spice_auto_unix_socket" = "1" }
 { "nographics_allow_host_audio" = "1" }
 { "remote_display_port_min" = "5900" }
 { "remote_display_port_max" = "65535" }
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-unix-auto.args b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-unix-auto.args
new file mode 100644
index 0000000..7f54855
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-unix-auto.args
@@ -0,0 +1,21 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/home/test \
+USER=test \
+LOGNAME=test \
+QEMU_AUDIO_DRV=spice \
+/usr/bin/qemu \
+-name QEMUGuest1 \
+-S \
+-M pc \
+-m 214 \
+-smp 1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-nodefaults \
+-monitor unix:/tmp/lib/domain--1-QEMUGuest1/monitor.sock,server,nowait \
+-no-acpi \
+-boot c \
+-spice unix,addr=/tmp/lib/domain--1-QEMUGuest1/spice.sock \
+-vga qxl \
+-global qxl-vga.ram_size=67108864 \
+-global qxl-vga.vram_size=33554432
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-unix-auto.xml b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-unix-auto.xml
new file mode 100644
index 0000000..7378be8
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-unix-auto.xml
@@ -0,0 +1,27 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219136 + 219136 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu + + + + + + + + +
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 76b64bd..15dde3d 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -994,6 +994,12 @@ mymain(void)
 QEMU_CAPS_VGA_QXL,
 QEMU_CAPS_SPICE,
 QEMU_CAPS_DEVICE_QXL);
+ driver.config->spiceAutoUnixSocket = true;
+ DO_TEST("graphics-spice-unix-auto",
+ QEMU_CAPS_VGA_QXL,
+ QEMU_CAPS_SPICE,
+ QEMU_CAPS_DEVICE_QXL);
+ driver.config->spiceAutoUnixSocket = false;
 DO_TEST("input-usbmouse", NONE);
 DO_TEST("input-usbtablet", NONE);
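Review bot: The precedence rules this option introduces are untested: the new `graphics-spice-unix-auto` case in tests/qemuxml2argvtest.c only covers a domain with neither a socket nor a listen address configured. While `driver.config->spiceAutoUnixSocket` is true, a second data pair whose XML carries an explicit `socket`, and one with an explicit listen address, would pin which path ends up on the `-spice` command line, e.g. `DO_TEST("<new-case-with-explicit-listen>", QEMU_CAPS_VGA_QXL, QEMU_CAPS_SPICE, QEMU_CAPS_DEVICE_QXL);` placed between the `= true` and `= false` lines (the test name is a placeholder). That would also settle whether the behaviour matches the qemu.conf description. mymain's body starts and ends outside the hunk.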