NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

qemu: Allow serving VNC over a unix domain socket

Browse Source 
QEMU supports serving VNC over a unix domain socket rather than traditional
TCP host/port. This is specified with:

<graphics type='vnc' socket='/foo/bar/baz'/>

This provides better security access control than VNC listening on
127.0.0.1, but will cause issues with tools that rely on the lax security
(virt-manager in fedora runs as regular user by default, and wouldn't be
able to access a socket owned by 'qemu' or 'root').

Also not currently supported by any clients, though I have patches for
virt-manager, and virt-viewer should be simple to update.

v2:
    schema: Make listen vs. socket a <choice>
This commit is contained in:
Cole Robinson 2011-01-07 16:03:07 -05:00
parent cb4c2694f1
commit 1d9c0a08d9
10 changed files with 122 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/formatdomain.html.in
View File

@ -1350,7 +1350,11 @@ qemu-kvm -net nic,model=? /dev/null
in clear text. The <code>keymap</code> attribute specifies the keymap in clear text. The <code>keymap</code> attribute specifies the keymap
to use. It is possible to set a limit on the validity of the password to use. It is possible to set a limit on the validity of the password
be giving an timestamp <code>passwdValidTo='2010-04-09T15:51:00'</code> be giving an timestamp <code>passwdValidTo='2010-04-09T15:51:00'</code>
assumed to be in UTC. NB, this may not be supported by all hypervisors. assumed to be in UTC. NB, this may not be supported by all hypervisors.<br>
<br>
Rather than using listen/port, QEMU supports a <code>socket</code>
attribute for listening on a unix domain socket path.
<span class="since">Since 0.8.8</span>
</dd> </dd>
<dt><code>"spice"</code></dt> <dt><code>"spice"</code></dt>
<dd> <dd>

47
docs/schemas/domain.rng
View File

@ -1127,24 +1127,35 @@
<attribute name="type"> <attribute name="type">
<value>vnc</value> <value>vnc</value>
</attribute> </attribute>
<optional> <choice>
<attribute name="port"> <group>
<ref name="PortNumber"/> <optional>
</attribute> <attribute name="port">
</optional> <ref name="PortNumber"/>
<optional> </attribute>
<attribute name="autoport"> </optional>
<choice> <optional>
<value>yes</value> <attribute name="autoport">
<value>no</value> <choice>
</choice> <value>yes</value>
</attribute> <value>no</value>
</optional> </choice>
<optional> </attribute>
<attribute name="listen"> </optional>
<ref name="addrIP"/> <optional>
</attribute> <attribute name="listen">
</optional> <ref name="addrIP"/>
</attribute>
</optional>
</group>
<group>
<optional>
<attribute name="socket">
<ref name="absFilePath"/>
</attribute>
</optional>
</group>
</choice>
<optional> <optional>
<attribute name="passwd"> <attribute name="passwd">
<text/> <text/>

30
src/conf/domain_conf.c
View File

@ -477,6 +477,7 @@ void virDomainGraphicsDefFree(virDomainGraphicsDefPtr def)
switch (def->type) { switch (def->type) {
case VIR_DOMAIN_GRAPHICS_TYPE_VNC: case VIR_DOMAIN_GRAPHICS_TYPE_VNC:
VIR_FREE(def->data.vnc.listenAddr); VIR_FREE(def->data.vnc.listenAddr);
VIR_FREE(def->data.vnc.socket);
VIR_FREE(def->data.vnc.keymap); VIR_FREE(def->data.vnc.keymap);
virDomainGraphicsAuthDefClear(&def->data.vnc.auth); virDomainGraphicsAuthDefClear(&def->data.vnc.auth);
break; break;
@ -3495,6 +3496,7 @@ virDomainGraphicsDefParseXML(xmlNodePtr node, int flags) {
} }
def->data.vnc.listenAddr = virXMLPropString(node, "listen"); def->data.vnc.listenAddr = virXMLPropString(node, "listen");
def->data.vnc.socket = virXMLPropString(node, "socket");
def->data.vnc.keymap = virXMLPropString(node, "keymap"); def->data.vnc.keymap = virXMLPropString(node, "keymap");
if (virDomainGraphicsAuthDefParseXML(node, &def->data.vnc.auth) < 0) if (virDomainGraphicsAuthDefParseXML(node, &def->data.vnc.auth) < 0)
@ -7081,19 +7083,25 @@ virDomainGraphicsDefFormat(virBufferPtr buf,
switch (def->type) { switch (def->type) {
case VIR_DOMAIN_GRAPHICS_TYPE_VNC: case VIR_DOMAIN_GRAPHICS_TYPE_VNC:
if (def->data.vnc.port && if (def->data.vnc.socket) {
(!def->data.vnc.autoport || !(flags & VIR_DOMAIN_XML_INACTIVE))) if (def->data.vnc.socket)
virBufferVSprintf(buf, " port='%d'", virBufferVSprintf(buf, " socket='%s'",
def->data.vnc.port); def->data.vnc.socket);
else if (def->data.vnc.autoport) } else {
virBufferAddLit(buf, " port='-1'"); if (def->data.vnc.port &&
(!def->data.vnc.autoport || !(flags & VIR_DOMAIN_XML_INACTIVE)))
virBufferVSprintf(buf, " port='%d'",
def->data.vnc.port);
else if (def->data.vnc.autoport)
virBufferAddLit(buf, " port='-1'");
virBufferVSprintf(buf, " autoport='%s'", virBufferVSprintf(buf, " autoport='%s'",
def->data.vnc.autoport ? "yes" : "no"); def->data.vnc.autoport ? "yes" : "no");
if (def->data.vnc.listenAddr) if (def->data.vnc.listenAddr)
virBufferVSprintf(buf, " listen='%s'", virBufferVSprintf(buf, " listen='%s'",
def->data.vnc.listenAddr); def->data.vnc.listenAddr);
}
if (def->data.vnc.keymap) if (def->data.vnc.keymap)
virBufferEscapeString(buf, " keymap='%s'", virBufferEscapeString(buf, " keymap='%s'",

1
src/conf/domain_conf.h
View File

@ -596,6 +596,7 @@ struct _virDomainGraphicsDef {
unsigned int autoport :1; unsigned int autoport :1;
char *listenAddr; char *listenAddr;
char *keymap; char *keymap;
char *socket;
virDomainGraphicsAuthDef auth; virDomainGraphicsAuthDef auth;
} vnc; } vnc;
struct { struct {

52
src/qemu/qemu_command.c
View File

@ -3560,7 +3560,11 @@ qemuBuildCommandLine(virConnectPtr conn,
def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC) { def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC) {
virBuffer opt = VIR_BUFFER_INITIALIZER; virBuffer opt = VIR_BUFFER_INITIALIZER;
if (qemuCmdFlags & QEMUD_CMD_FLAG_VNC_COLON) { if (def->graphics[0]->data.vnc.socket) {
virBufferVSprintf(&opt, "unix:%s",
def->graphics[0]->data.vnc.socket);
} else if (qemuCmdFlags & QEMUD_CMD_FLAG_VNC_COLON) {
if (def->graphics[0]->data.vnc.listenAddr) if (def->graphics[0]->data.vnc.listenAddr)
virBufferAdd(&opt, def->graphics[0]->data.vnc.listenAddr, -1); virBufferAdd(&opt, def->graphics[0]->data.vnc.listenAddr, -1);
else if (driver->vncListen) else if (driver->vncListen)
@ -3569,6 +3573,12 @@ qemuBuildCommandLine(virConnectPtr conn,
virBufferVSprintf(&opt, ":%d", virBufferVSprintf(&opt, ":%d",
def->graphics[0]->data.vnc.port - 5900); def->graphics[0]->data.vnc.port - 5900);
} else {
virBufferVSprintf(&opt, "%d",
def->graphics[0]->data.vnc.port - 5900);
}
if (qemuCmdFlags & QEMUD_CMD_FLAG_VNC_COLON) {
if (def->graphics[0]->data.vnc.auth.passwd || if (def->graphics[0]->data.vnc.auth.passwd ||
driver->vncPassword) driver->vncPassword)
virBufferAddLit(&opt, ",password"); virBufferAddLit(&opt, ",password");
@ -3593,9 +3603,6 @@ qemuBuildCommandLine(virConnectPtr conn,
/* TODO: Support ACLs later */ /* TODO: Support ACLs later */
} }
} else {
virBufferVSprintf(&opt, "%d",
def->graphics[0]->data.vnc.port - 5900);
} }
virCommandAddArg(cmd, "-vnc"); virCommandAddArg(cmd, "-vnc");
@ -5296,24 +5303,33 @@ virDomainDefPtr qemuParseCommandLine(virCapsPtr caps,
goto no_memory; goto no_memory;
vnc->type = VIR_DOMAIN_GRAPHICS_TYPE_VNC; vnc->type = VIR_DOMAIN_GRAPHICS_TYPE_VNC;
tmp = strchr(val, ':'); if (STRPREFIX(val, "unix:")) {
if (tmp) { vnc->data.vnc.socket = strdup(val + 5);
char *opts; if (!vnc->data.vnc.socket) {
if (virStrToLong_i(tmp+1, &opts, 10, &vnc->data.vnc.port) < 0) {
VIR_FREE(vnc);
qemuReportError(VIR_ERR_INTERNAL_ERROR, \
_("cannot parse VNC port '%s'"), tmp+1);
goto error;
}
vnc->data.vnc.listenAddr = strndup(val, tmp-val);
if (!vnc->data.vnc.listenAddr) {
VIR_FREE(vnc); VIR_FREE(vnc);
goto no_memory; goto no_memory;
} }
vnc->data.vnc.port += 5900;
vnc->data.vnc.autoport = 0;
} else { } else {
vnc->data.vnc.autoport = 1; tmp = strchr(val, ':');
if (tmp) {
char *opts;
if (virStrToLong_i(tmp+1, &opts, 10,
&vnc->data.vnc.port) < 0) {
VIR_FREE(vnc);
qemuReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot parse VNC port '%s'"), tmp+1);
goto error;
}
vnc->data.vnc.listenAddr = strndup(val, tmp-val);
if (!vnc->data.vnc.listenAddr) {
VIR_FREE(vnc);
goto no_memory;
}
vnc->data.vnc.port += 5900;
vnc->data.vnc.autoport = 0;
} else {
vnc->data.vnc.autoport = 1;
}
} }
if (VIR_REALLOC_N(def->graphics, def->ngraphics+1) < 0) { if (VIR_REALLOC_N(def->graphics, def->ngraphics+1) < 0) {

1
src/qemu/qemu_driver.c
View File

@ -2674,6 +2674,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
if (vm->def->ngraphics == 1) { if (vm->def->ngraphics == 1) {
if (vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC && if (vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
!vm->def->graphics[0]->data.vnc.socket &&
vm->def->graphics[0]->data.vnc.autoport) { vm->def->graphics[0]->data.vnc.autoport) {
int port = qemudNextFreePort(driver, QEMU_VNC_PORT_MIN); int port = qemudNextFreePort(driver, QEMU_VNC_PORT_MIN);
if (port < 0) { if (port < 0) {

1
tests/qemuargv2xmltest.c
View File

@ -178,6 +178,7 @@ mymain(int argc, char **argv)
DO_TEST("disk-drive-network-sheepdog"); DO_TEST("disk-drive-network-sheepdog");
DO_TEST("disk-usb"); DO_TEST("disk-usb");
DO_TEST("graphics-vnc"); DO_TEST("graphics-vnc");
DO_TEST("graphics-vnc-socket");
driver.vncSASL = 1; driver.vncSASL = 1;
driver.vncSASLdir = strdup("/root/.sasl2"); driver.vncSASLdir = strdup("/root/.sasl2");

1
tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-socket.args Normal file
View File

@ -0,0 +1 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 -smp 1 -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -vnc unix:/tmp/foo.socket

30
tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-socket.xml Normal file
View File

@ -0,0 +1,30 @@
<domain type='qemu'>
<name>QEMUGuest1</name>
<uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
<memory>219200</memory>
<currentMemory>219200</currentMemory>
<vcpu>1</vcpu>
<os>
<type arch='i686' machine='pc'>hvm</type>
<boot dev='hd'/>
</os>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/bin/qemu</emulator>
<disk type='block' device='disk'>
<source dev='/dev/HostVG/QEMUGuest1'/>
<target dev='hda' bus='ide'/>
<address type='drive' controller='0' bus='0' unit='0'/>
</disk>
<controller type='ide' index='0'/>
<input type='mouse' bus='ps2'/>
<graphics type='vnc' socket='/tmp/foo.socket'/>
<video>
<model type='cirrus' vram='9216' heads='1'/>
</video>
<memballoon model='virtio'/>
</devices>
</domain>

1
tests/qemuxml2argvtest.c
View File

@ -321,6 +321,7 @@ mymain(int argc, char **argv)
DO_TEST("disk-scsi-device-auto", QEMUD_CMD_FLAG_DRIVE | DO_TEST("disk-scsi-device-auto", QEMUD_CMD_FLAG_DRIVE |
QEMUD_CMD_FLAG_DEVICE | QEMUD_CMD_FLAG_NODEFCONFIG, false); QEMUD_CMD_FLAG_DEVICE | QEMUD_CMD_FLAG_NODEFCONFIG, false);
DO_TEST("graphics-vnc", 0, false); DO_TEST("graphics-vnc", 0, false);
DO_TEST("graphics-vnc-socket", 0, false);
driver.vncSASL = 1; driver.vncSASL = 1;
driver.vncSASLdir = strdup("/root/.sasl2"); driver.vncSASLdir = strdup("/root/.sasl2");