git.ipfire.org Git - thirdparty/libvirt.git/commit
qemu: conf: Introduce "migrate_tls_force" qemu.conf option
author: Peter Krempa <pkrempa@redhat.com>, Tue, 24 Nov 2020 13:08:04 +0000 (14:08 +0100)
committer: Peter Krempa <pkrempa@redhat.com>, Tue, 24 Nov 2020 16:59:26 +0000 (17:59 +0100)
commit: 4a3c80a668f5cabbe41d3a4f179f3c5fba4272fc
tree: 4a2df016cae5bbc3a2cc5510a1e907dff5a00c71
parent: f496d2de21deff3c3b8ee0e57899c2080d0d1d2b

Forgetting to use the VIR_MIGRATE_TLS flag with migration can lead to
a leak of sensitive information. Add an administrative knob to force use
of the flag.

Note that without VIR_MIGRATE_PEER2PEER, the migration is driven by an
instance of the client library which doesn't necessarily run on either
of the hosts so the flag can't be used to assume VIR_MIGRATE_TLS even
if it wasn't provided by the user instead of rejecting if it's not.

Resolves: https://gitlab.com/libvirt/libvirt/-/issues/67
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
src/qemu/libvirtd_qemu.aug
src/qemu/qemu.conf
src/qemu/qemu_conf.c
src/qemu/qemu_conf.h
src/qemu/qemu_migration.c
src/qemu/test_libvirtd_qemu.aug.in
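
An added sketch, not libvirt's code, of the behaviour the commit message describes: a host audit that reads `migrate_tls_force` from qemu.conf text, plus a model of the resulting policy, which rejects a migration lacking VIR_MIGRATE_TLS rather than adding the flag. The `name = value` parsing, the last-assignment-wins handling, the function names and the sample text are assumptions; the flag values are those of libvirt's public virDomainMigrateFlags enum.

```python
import re

# Flag values from libvirt's public virDomainMigrateFlags enum.
VIR_MIGRATE_PEER2PEER = 1 << 1
VIR_MIGRATE_TLS = 1 << 16

# Matches an active (uncommented) integer assignment, optional trailing comment.
_ASSIGN = re.compile(r'^\s*migrate_tls_force\s*=\s*(\d+)\s*(?:#.*)?$')

# Constructed sample of qemu.conf content, not taken from a real host.
SAMPLE_CONF = """\
# TLS for migration
#migrate_tls_force = 0
migrate_tls_force = 1   # enforce on this host
"""


def migrate_tls_forced(conf_text):
    """Return True if the qemu.conf text enables migrate_tls_force.

    Commented-out lines are ignored. Assumption: if the option is
    assigned more than once, the last assignment wins.
    """
    forced = False
    for line in conf_text.splitlines():
        match = _ASSIGN.match(line)
        if match:
            forced = int(match.group(1)) != 0
    return forced


def check_migration(flags, tls_forced):
    """Model of the described policy: reject, never silently assume TLS."""
    if tls_forced and not flags & VIR_MIGRATE_TLS:
        return (False, "rejected: VIR_MIGRATE_TLS required by migrate_tls_force")
    return (True, "allowed")


if __name__ == "__main__":
    forced = migrate_tls_forced(SAMPLE_CONF)
    print("migrate_tls_force enabled:", forced)
    for flags in (VIR_MIGRATE_PEER2PEER,
                  VIR_MIGRATE_PEER2PEER | VIR_MIGRATE_TLS):
        print(hex(flags), check_migration(flags, forced))
```

On a real host the text would come from the daemon's qemu.conf; a `False` result means migrations without VIR_MIGRATE_TLS are still accepted there.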