qemu: Add conf option to auto setup VNC unix sockets

If vnc_auto_unix_socket is enabled, any VNC devices without a hardcoded
listen or socket value will be setup to serve over a unix socket in
/var/lib/libvirt/qemu/$vmname.vnc.

We store the generated socket path in the transient VM definition at
CLI build time.

diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index ba41f80b2358b9f0d33f091bc4e60d517ebea29d..ae6136f57736baf36e23aa63c693a1f81e2796ad 100644 (file)
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -11,6 +11,14 @@
 #
 # vnc_listen = "0.0.0.0"
 
+# Enable this option to have VNC served over an automatically created
+# unix socket. This prevents unprivileged access from users on the
+# host machine, though most VNC clients do not support it.
+#
+# This will only be enabled for VNC configurations that do not have
+# a hardcoded 'listen' or 'socket' value.
+#
+# vnc_auto_unix_socket = 1
 
 # Enable use of TLS encryption on the VNC server. This requires
 # a VNC client which supports the VeNCrypt protocol extension.

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 58500e33b803370fefada580f9eea24f96b0c443..c20f03120ede7af25a87fdf030f0133572e2714b 100644 (file)
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -3560,7 +3560,15 @@ qemuBuildCommandLine(virConnectPtr conn,
         def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC) {
         virBuffer opt = VIR_BUFFER_INITIALIZER;
 
-        if (def->graphics[0]->data.vnc.socket) {
+        if (def->graphics[0]->data.vnc.socket ||
+            driver->vncAutoUnixSocket) {
+
+            if (!def->graphics[0]->data.vnc.socket &&
+                virAsprintf(&def->graphics[0]->data.vnc.socket,
+                            "%s/%s.vnc", driver->libDir, def->name) == -1) {
+                goto no_memory;
+            }
+
             virBufferVSprintf(&opt, "unix:%s",
                               def->graphics[0]->data.vnc.socket);
 

diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index e1502dcde099b5c62fee6168a70e4be705895b1c..9f9e99ee8b2571df412c081c8844b8dba2b2756d 100644 (file)
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -138,6 +138,10 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
         return -1;                                                      \
     }
 
+    p = virConfGetValue (conf, "vnc_auto_unix_socket");
+    CHECK_TYPE ("vnc_auto_unix_socket", VIR_CONF_LONG);
+    if (p) driver->vncAutoUnixSocket = p->l;
+
     p = virConfGetValue (conf, "vnc_tls");
     CHECK_TYPE ("vnc_tls", VIR_CONF_LONG);
     if (p) driver->vncTLS = p->l;

diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index 5a5748b7389da6355e60ea473ff063da53ef5d43..af1be2ec8e8dfdff530bb8165c8c98830b4ec18e 100644 (file)
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -82,6 +82,7 @@ struct qemud_driver {
     char *cacheDir;
     char *saveDir;
     char *snapshotDir;
+    unsigned int vncAutoUnixSocket : 1;
     unsigned int vncTLS : 1;
     unsigned int vncTLSx509verify : 1;
     unsigned int vncSASL : 1;