[libvirt] [PATCH] Don't add SPICE TLS channels when TLS is disabled
Eric Blake
eblake at redhat.com
Wed Feb 15 18:06:41 UTC 2012
On 02/15/2012 09:36 AM, Christophe Fergeau wrote:
> On Wed, Feb 15, 2012 at 03:10:47PM +0000, Daniel P. Berrange wrote:
>> It enables you to turn on TLS for all guests, regardless of the
>> domain XML configuration, which is a desirable policy control
>> knob for a host level administrator to have.
>
> I'm under the impression that it's doing the opposite in the SPICE case,
> but maybe I haven't been looking in the right place (qemu_command.c)
Is this a case where adding a third mode in libvirt XML might make sense?
mode='insecure' => don't bother with security, regardless of qemu.conf
mode='secure' => use security if tls is available in qemu.conf, but
silently fall back to insecure
mode='mandatory-secure' => use security, and error out if qemu.conf
disabled tls
Or am I confusing things?
--
Eric Blake eblake at redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 620 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20120215/c12e2d1a/attachment-0001.sig>
More information about the libvir-list
mailing list