[libvirt] [PATCH] Don't add SPICE TLS channels when TLS is disabled

Eric Blake eblake at redhat.com
Wed Feb 15 18:06:41 UTC 2012


On 02/15/2012 09:36 AM, Christophe Fergeau wrote:
> On Wed, Feb 15, 2012 at 03:10:47PM +0000, Daniel P. Berrange wrote:
>> It enables you to turn on TLS for all guests, regardless of the
>> domain XML configuration, which is a desirable policy control
>> knob for a host level administrator to have.
> 
> I'm under the impression that it's doing the opposite in the SPICE case,
> but maybe I haven't been looking in the right place (qemu_command.c)

Is this a case where adding a third mode in libvirt XML might make sense?

mode='insecure' => don't bother with security, regardless of qemu.conf

mode='secure' => use security if tls is available in qemu.conf, but
silently fall back to insecure

mode='mandatory-secure' => use security, and error out if qemu.conf
disabled tls

Or am I confusing things?

-- 
Eric Blake   eblake at redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 620 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20120215/c12e2d1a/attachment-0001.sig>


More information about the libvir-list mailing list