domain_conf: add "default" to list of valid spice channels

qemu's behavior in this case is to change the spice server behavior to require secure connection to any channel not otherwise specified as being in plaintext mode. libvirt doesn't currently allow requesting this (via plaintext-channel=<channel name>). RHBZ: 819499 Signed-off-by: Alon Levy <alevy@redhat.com>
2025-02-25 18:55:26 -06:00 · 2012-05-08 20:42:44 +03:00
parent 4e78ffb634
commit ba97e4edc6
7 changed files with 52 additions and 2 deletions
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -2929,6 +2929,13 @@ qemu-kvm -net nic,model=? /dev/null
              <span class="since">Since 0.9.3</span>
              NB, this may not be supported by all hypervisors.
              <span class="since">"spice" since 0.8.6</span>.
+              The <code>defaultMode</code> attribute sets the default channel
+              security policy, valid values are <code>secure</code>,
+              <code>insecure</code> and the default <code>any</code>
+              (which is secure if possible, but falls back to insecure
+              rather than erroring out if no secure path is
+              available). <span class="since">"defaultMode" since
+              0.9.12</span>.
            </p>
            <p>
              When SPICE has both a normal and TLS secured TCP port
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -1774,6 +1774,15 @@
              </choice>
            </attribute>
          </optional>
+          <optional>
+            <attribute name="defaultMode">
+              <choice>
+                <value>any</value>
+                <value>secure</value>
+                <value>insecure</value>
+              </choice>
+            </attribute>
+          </optional>
          <interleave>
            <ref name="listenElements"/>
            <zeroOrMore>