let spice_entry = str_entry "spice_listen"
| bool_entry "spice_tls"
| str_entry "spice_tls_x509_cert_dir"
+ | bool_entry "spice_auto_unix_socket"
| str_entry "spice_password"
| bool_entry "spice_sasl"
| str_entry "spice_sasl_dir"
#spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice"
+# Enable this option to have SPICE served over an automatically created
+# unix socket. This prevents unprivileged access from users on the
+# host machine.
+#
+# This will only be enabled for SPICE configurations that have listen
+# type=address but without any address specified. This setting takes
+# preference over spice_listen.
+#
+#spice_auto_unix_socket = 1
+
+
# The default SPICE password. This parameter is only used if the
# per-domain XML config does not already provide a password. To
# allow access without passwords, leave this commented out. An
GET_VALUE_STR("spice_sasl_dir", cfg->spiceSASLdir);
GET_VALUE_STR("spice_listen", cfg->spiceListen);
GET_VALUE_STR("spice_password", cfg->spicePassword);
+ GET_VALUE_BOOL("spice_auto_unix_socket", cfg->spiceAutoUnixSocket);
GET_VALUE_ULONG("remote_websocket_port_min", cfg->webSocketPortMin);
char *spiceSASLdir;
char *spiceListen;
char *spicePassword;
+ bool spiceAutoUnixSocket;
int remotePortMin;
int remotePortMax;
break;
case VIR_DOMAIN_GRAPHICS_TYPE_SPICE:
+ useSocket = cfg->spiceAutoUnixSocket;
listenAddr = cfg->spiceListen;
break;
{ "spice_listen" = "0.0.0.0" }
{ "spice_tls" = "1" }
{ "spice_tls_x509_cert_dir" = "/etc/pki/libvirt-spice" }
+{ "spice_auto_unix_socket" = "1" }
{ "spice_password" = "XYZ12345" }
{ "spice_sasl" = "1" }
{ "spice_sasl_dir" = "/some/directory/sasl2" }
--- /dev/null
+LC_ALL=C \
+PATH=/bin \
+HOME=/home/test \
+USER=test \
+LOGNAME=test \
+QEMU_AUDIO_DRV=spice \
+/usr/bin/qemu \
+-name QEMUGuest1 \
+-S \
+-M pc \
+-m 214 \
+-smp 1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-nodefaults \
+-monitor unix:/tmp/lib/domain--1-QEMUGuest1/monitor.sock,server,nowait \
+-no-acpi \
+-boot c \
+-usb \
+-spice unix,addr=/tmp/lib/domain--1-QEMUGuest1/spice.sock \
+-vga cirrus
--- /dev/null
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219100</memory>
+ <currentMemory unit='KiB'>219100</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu</emulator>
+ <controller type='usb' index='0'/>
+ <controller type='ide' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <graphics type='spice' autoport='yes'>
+ <listen type='address'/>
+ </graphics>
+ <video>
+ <model type='cirrus' vram='16384' heads='1'/>
+ </video>
+ <memballoon model='none'/>
+ </devices>
+</domain>
DO_TEST("graphics-spice-auto-socket",
QEMU_CAPS_SPICE,
QEMU_CAPS_SPICE_UNIX);
+ driver.config->spiceAutoUnixSocket = true;
+ DO_TEST("graphics-spice-auto-socket-cfg",
+ QEMU_CAPS_SPICE,
+ QEMU_CAPS_SPICE_UNIX);
+ driver.config->spiceAutoUnixSocket = false;
DO_TEST("input-usbmouse", NONE);
DO_TEST("input-usbtablet", NONE);
--- /dev/null
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219100</memory>
+ <currentMemory unit='KiB'>219100</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu</emulator>
+ <controller type='usb' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+ </controller>
+ <controller type='ide' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
+ </controller>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <graphics type='spice' autoport='yes'>
+ <listen type='address'/>
+ </graphics>
+ <video>
+ <model type='cirrus' vram='16384' heads='1' primary='yes'/>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
+ </video>
+ <memballoon model='none'/>
+ </devices>
+</domain>
DO_TEST("graphics-spice-qxl-vga");
DO_TEST("graphics-spice-socket");
DO_TEST("graphics-spice-auto-socket");
+ cfg->spiceAutoUnixSocket = true;
+ DO_TEST("graphics-spice-auto-socket-cfg");
+ cfg->spiceAutoUnixSocket = false;
+
DO_TEST("nographics-vga");
DO_TEST("input-usbmouse");
DO_TEST("input-usbtablet");
projects / libvirt.git / commitdiff