[libvirt] VNC sharePolicy not working as expected

Ján Tomko jtomko at redhat.com
Wed Apr 16 09:08:01 UTC 2014


On 04/16/2014 10:47 AM, Michal Privoznik wrote:
> On 15.04.2014 09:01, Kekane, Abhishek wrote:
>> Hi All,
>> Greetings!!!
>>
>> We are using KVM hypervisor driver for running OpenStack IaaS. Couple of
>> months back we have reported one security issue [1] in OS.
>> Basically we want to limit on the number of vnc client connections that
>> can be opened by users for a given VM.
>>
>> From libvirt 1.0.6 version onwards share policy feature is supported
>> to control the way consoles are accessed by the user.
>> Presently it is possible to configure share policy for vnc in 3
>> different ways:-
>> 1. allow-exclusive, allows clients to ask for exclusive access by
>> dropping other connections
>> 2. force-share, This is the default value, It allows multiple clients to
>> connect to the console in parallel sharing the same session

IIRC the default should be 'ignore' for both libvirt and qemu.

>> 3. ignore, welcomes every connection unconditionally
>>
>> In openstack nova for libvirt driver I am able to configure the
>> sharePolicy value to graphics element of domain's xml.
>>
>> <graphics type="vnc" autoport="yes" keymap="en-us" listen="127.0.0.1"
>> sharePolicy="force-shared">
>>      <listen type='address' address='127.0.0.1'/>
>> </graphics>
>> <graphics type="vnc" autoport="yes" keymap="en-us" listen="127.0.0.1"
>> sharePolicy="allow-exclusive">
>>      <listen type='address' address='127.0.0.1'/>
>> </graphics>
>> <graphics type="vnc" autoport="yes" keymap="en-us" listen="127.0.0.1"
>> sharePolicy="ignore">
>>      <listen type='address' address='127.0.0.1'/>
>> </graphics>
>>
>> But while testing I am not able to get expected results for
>> allow-exclusive and ignore sharePolicy.
>> For allow-exclusive sharePolicy previous connections are not getting
>> dropped and console contents are getting shared among all open consoles.

With allow-exclusive, the client needs to ask for exclusive access to drop all
other connections. If all clients ask for shared access, multiple connections
are allowed.

>> For ignore sharePolicy also contents are getting shared among all open
>> consoles.

This is expected, the client's request for exclusive access is ignored and the
console is shared.

>>
>> I am using libvirt version 1.1.1 and qemu version is 1.5.0.
> 
> If libvirt is constructing the qemu command line properly (look for -vnc
> ...,share=force-shared) then I'd say it's a qemu bug.
> 

See also the reply to this mail by Gerd Hoffmann on qemu-devel:
https://lists.gnu.org/archive/html/qemu-devel/2014-04/msg02293.html

Jan
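
The check Michal suggests above (whether the sharePolicy from the domain XML actually reaches qemu as `-vnc ...,share=`), as an added example that is not part of the original mail or libvirt's own code. The function names, the sample XML and the sample command lines are constructed for illustration.

```python
import shlex
import xml.etree.ElementTree as ET

# The three sharePolicy values named in the thread.
VALID_POLICIES = {"allow-exclusive", "force-shared", "ignore"}


def xml_share_policies(domain_xml):
    """sharePolicy of every <graphics type='vnc'> element (None if unset)."""
    root = ET.fromstring(domain_xml)
    return [g.get("sharePolicy") for g in root.iter("graphics")
            if g.get("type") == "vnc"]


def cmdline_share_policies(cmdline):
    """share= value of every -vnc argument on a qemu command line (None if absent)."""
    argv = shlex.split(cmdline)
    found = []
    for flag, value in zip(argv, argv[1:]):
        if flag != "-vnc":
            continue
        # First comma-separated field is the display address; the rest are options.
        opts = dict(o.split("=", 1) for o in value.split(",")[1:] if "=" in o)
        found.append(opts.get("share"))
    return found


def audit(domain_xml, cmdline):
    """Findings where the XML policy is unknown or differs from the command line."""
    configured = xml_share_policies(domain_xml)
    running = cmdline_share_policies(cmdline)
    findings = [f"unknown sharePolicy in XML: {p!r}" for p in configured
                if p is not None and p not in VALID_POLICIES]
    if configured != running:
        findings.append(f"XML {configured} != qemu -vnc share= {running}")
    return findings


# Constructed sample input (not taken from a real host).
SAMPLE_XML = """<domain type='kvm'><devices>
  <graphics type='vnc' autoport='yes' listen='127.0.0.1' sharePolicy='allow-exclusive'>
    <listen type='address' address='127.0.0.1'/>
  </graphics>
</devices></domain>"""
SAMPLE_OK = "qemu-system-x86_64 -name demo -vnc 127.0.0.1:0,share=allow-exclusive"
SAMPLE_MISSING = "qemu-system-x86_64 -name demo -vnc 127.0.0.1:0"

if __name__ == "__main__":
    print(audit(SAMPLE_XML, SAMPLE_OK))
    print(audit(SAMPLE_XML, SAMPLE_MISSING))
```

On a host, the two inputs would be the output of `virsh dumpxml` for the domain and the running qemu process's command line.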

