/*
* libvirtd-config.c: daemon start of day, guest process & i/o management
*
- * Copyright (C) 2006-2012, 2014 Red Hat, Inc.
+ * Copyright (C) 2006-2012, 2014, 2015 Red Hat, Inc.
* Copyright (C) 2006 Daniel P. Berrange
*
* This library is free software; you can redistribute it and/or
if (VIR_STRDUP(data->unix_sock_rw_perms,
data->auth_unix_rw == REMOTE_AUTH_POLKIT ? "0777" : "0700") < 0 ||
- VIR_STRDUP(data->unix_sock_ro_perms, "0777") < 0)
+ VIR_STRDUP(data->unix_sock_ro_perms, "0777") < 0 ||
+ VIR_STRDUP(data->unix_sock_admin_perms, "0700") < 0)
goto error;
#if WITH_SASL
data->keepalive_count = 5;
data->keepalive_required = 0;
+ data->admin_min_workers = 5;
+ data->admin_max_workers = 20;
+ data->admin_max_clients = 5000;
+ data->admin_max_queued_clients = 20;
+ data->admin_max_client_requests = 5;
+
+ data->admin_keepalive_interval = 5;
+ data->admin_keepalive_count = 5;
+ data->admin_keepalive_required = 0;
+
localhost = virGetHostname();
if (localhost == NULL) {
/* we couldn't resolve the hostname; assume that we are
}
VIR_FREE(data->access_drivers);
+ VIR_FREE(data->unix_sock_admin_perms);
VIR_FREE(data->unix_sock_ro_perms);
VIR_FREE(data->unix_sock_rw_perms);
VIR_FREE(data->unix_sock_group);
goto error;
GET_CONF_STR(conf, filename, unix_sock_group);
+ GET_CONF_STR(conf, filename, unix_sock_admin_perms);
GET_CONF_STR(conf, filename, unix_sock_ro_perms);
GET_CONF_STR(conf, filename, unix_sock_rw_perms);
GET_CONF_INT(conf, filename, max_requests);
GET_CONF_UINT(conf, filename, max_client_requests);
+ GET_CONF_UINT(conf, filename, admin_min_workers);
+ GET_CONF_UINT(conf, filename, admin_max_workers);
+ GET_CONF_UINT(conf, filename, admin_max_clients);
+ GET_CONF_UINT(conf, filename, admin_max_queued_clients);
+ GET_CONF_UINT(conf, filename, admin_max_client_requests);
+
GET_CONF_UINT(conf, filename, audit_level);
GET_CONF_UINT(conf, filename, audit_logging);
GET_CONF_UINT(conf, filename, keepalive_count);
GET_CONF_UINT(conf, filename, keepalive_required);
+ GET_CONF_INT(conf, filename, admin_keepalive_interval);
+ GET_CONF_UINT(conf, filename, admin_keepalive_count);
+ GET_CONF_UINT(conf, filename, admin_keepalive_required);
+
return 0;
error:
/*
* libvirtd-config.h: daemon start of day, guest process & i/o management
*
- * Copyright (C) 2006-2012 Red Hat, Inc.
+ * Copyright (C) 2006-2012, 2015 Red Hat, Inc.
* Copyright (C) 2006 Daniel P. Berrange
*
* This library is free software; you can redistribute it and/or
char *tls_port;
char *tcp_port;
+ char *unix_sock_admin_perms;
char *unix_sock_ro_perms;
char *unix_sock_rw_perms;
char *unix_sock_group;
int keepalive_interval;
unsigned int keepalive_count;
int keepalive_required;
+
+ int admin_min_workers;
+ int admin_max_workers;
+ int admin_max_clients;
+ int admin_max_queued_clients;
+ int admin_max_client_requests;
+
+ int admin_keepalive_interval;
+ unsigned int admin_keepalive_count;
+ int admin_keepalive_required;
};
let sock_acl_entry = str_entry "unix_sock_group"
| str_entry "unix_sock_ro_perms"
| str_entry "unix_sock_rw_perms"
+ | str_entry "unix_sock_admin_perms"
| str_entry "unix_sock_dir"
let authentication_entry = str_entry "auth_unix_ro"
| int_entry "max_client_requests"
| int_entry "prio_workers"
+ let admin_processing_entry = int_entry "admin_min_workers"
+ | int_entry "admin_max_workers"
+ | int_entry "admin_max_clients"
+ | int_entry "admin_max_queued_clients"
+ | int_entry "admin_max_client_requests"
+
let logging_entry = int_entry "log_level"
| str_entry "log_filters"
| str_entry "log_outputs"
| int_entry "keepalive_count"
| bool_entry "keepalive_required"
+ let admin_keepalive_entry = int_entry "admin_keepalive_interval"
+ | int_entry "admin_keepalive_count"
+ | bool_entry "admin_keepalive_required"
+
let misc_entry = str_entry "host_uuid"
(* Each enty in the config is one of the following three ... *)
| certificate_entry
| authorization_entry
| processing_entry
+ | admin_processing_entry
| logging_entry
| auditing_entry
| keepalive_entry
+ | admin_keepalive_entry
| misc_entry
let comment = [ label "#comment" . del /#[ \t]*/ "# " . store /([^ \t\n][^\n]*)?/ . del /\n/ "\n" ]
let empty = [ label "#empty" . eol ]
# control, then you may want to relax this too.
#unix_sock_rw_perms = "0770"
+# Set the UNIX socket permissions for the admin interface socket.
+#
+# Default allows only owner (root), do not change it unless you are
+# sure to whom you are exposing the access to.
+#unix_sock_admin_perms = "0700"
+
# Set the name of the directory in which sockets will be found/created.
#unix_sock_dir = "/var/run/libvirt"
+
+
#################################################################
#
# Authentication.
# and max_workers parameter
#max_client_requests = 5
+# Same processing controls, but this time for the admin interface.
+# For description of each option, be so kind to scroll few lines
+# upwards.
+
+#admin_min_workers = 1
+#admin_max_workers = 5
+#admin_max_clients = 5
+#admin_max_queued_clients = 5
+#admin_max_client_requests = 5
+
#################################################################
#
# Logging controls
# support keepalive protocol. Defaults to 0.
#
#keepalive_required = 1
+
+# Keepalive settings for the admin interface
+#admin_keepalive_interval = 5
+#admin_keepalive_count = 5
+#
+#admin_keepalive_required = 1
{ "unix_sock_group" = "libvirt" }
{ "unix_sock_ro_perms" = "0777" }
{ "unix_sock_rw_perms" = "0770" }
+ { "unix_sock_admin_perms" = "0700" }
{ "unix_sock_dir" = "/var/run/libvirt" }
{ "auth_unix_ro" = "none" }
{ "auth_unix_rw" = "none" }
{ "prio_workers" = "5" }
{ "max_requests" = "20" }
{ "max_client_requests" = "5" }
+ { "admin_min_workers" = "1" }
+ { "admin_max_workers" = "5" }
+ { "admin_max_clients" = "5" }
+ { "admin_max_queued_clients" = "5" }
+ { "admin_max_client_requests" = "5" }
{ "log_level" = "3" }
{ "log_filters" = "3:remote 4:event" }
{ "log_outputs" = "3:syslog:libvirtd" }
{ "keepalive_interval" = "5" }
{ "keepalive_count" = "5" }
{ "keepalive_required" = "1" }
+ { "admin_keepalive_interval" = "5" }
+ { "admin_keepalive_count" = "5" }
+ { "admin_keepalive_required" = "1" }
# control then you may want to relax this to:
unix_sock_rw_perms = "0770"
+# Set the UNIX socket permissions for the admin interface socket.
+#
+# Default allows only owner (root), do not change it unless you are
+# sure to whom you are exposing the access to
+unix_sock_admin_perms = "0700"
+
#################################################################
# If not using PolicyKit and setting group ownership for access
# control then you may want to relax this to:
unix_sock_rw_perms = "0770"
+# Set the UNIX socket permissions for the admin interface socket.
+#
+# Default allows only owner (root), do not change it unless you are
+# sure to whom you are exposing the access to
+unix_sock_admin_perms = "0700"
#################################################################
#
# Authentication.
projects / libvirt.git / commitdiff