# NB, strong recommendation to enable TLS + x509 certificate
# verification when allowing public access
#
-# vnc_listen = "0.0.0.0"
+#vnc_listen = "0.0.0.0"
# Enable this option to have VNC served over an automatically created
# unix socket. This prevents unprivileged access from users on the
# a hardcoded 'listen' or 'socket' value. This setting takes preference
# over vnc_listen.
#
-# vnc_auto_unix_socket = 1
+#vnc_auto_unix_socket = 1
# Enable use of TLS encryption on the VNC server. This requires
# a VNC client which supports the VeNCrypt protocol extension.
# It is necessary to setup CA and issue a server certificate
# before enabling this.
#
-# vnc_tls = 1
+#vnc_tls = 1
# Use of TLS requires that x509 certificates be issued. The
#
# This option allows the certificate directory to be changed
#
-# vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
+#vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
# The default TLS configuration only uses certificates for the server
# Enabling this option will reject any client who does not have a
# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem
#
-# vnc_tls_x509_verify = 1
+#vnc_tls_x509_verify = 1
# The default VNC password. Only 8 letters are significant for
# effectively preventing any use of VNC. Obviously change this
# example here before you set this.
#
-# vnc_password = "XYZ12345"
+#vnc_password = "XYZ12345"
# Enable use of SASL encryption on the VNC server. This requires
# It is necessary to configure /etc/sasl2/qemu.conf to choose
# the desired SASL plugin (eg, GSSPI for Kerberos)
#
-# vnc_sasl = 1
+#vnc_sasl = 1
# The default SASL configuration file is located in /etc/sasl2/
# override the configs in this location. Set this parameter to
# point to the directory, and create a qemu.conf in that location
#
-# vnc_sasl_dir = "/some/directory/sasl2"
+#vnc_sasl_dir = "/some/directory/sasl2"
# NB, strong recommendation to enable TLS + x509 certificate
# verification when allowing public access
#
-# spice_listen = "0.0.0.0"
+#spice_listen = "0.0.0.0"
# Enable use of TLS encryption on the SPICE server.
# It is necessary to setup CA and issue a server certificate
# before enabling this.
#
-# spice_tls = 1
+#spice_tls = 1
# Use of TLS requires that x509 certificates be issued. The
#
# This option allows the certificate directory to be changed.
#
-# spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice"
+#spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice"
# The default SPICE password. This parameter is only used if the
# QEMU, effectively preventing any use of SPICE. Obviously change
# this example here before you set this.
#
-# spice_password = "XYZ12345"
+#spice_password = "XYZ12345"
# The default security driver is SELinux. If SELinux is disabled
# leaving SELinux enabled for the host in general, then set this
# to 'none' instead.
#
-# security_driver = "selinux"
+#security_driver = "selinux"
# If set to non-zero, then the default security labeling
# will make guests confined. If set to zero, then guests
# will be unconfined by default. Defaults to 1.
-# security_default_confined = 1
+#security_default_confined = 1
# If set to non-zero, then attempts to create unconfined
# guests will be blocked. Defaults to 0.
-# security_require_confined = 1
+#security_require_confined = 1
# The user ID for QEMU processes run by the system instance.
#user = "root"
# can be mounted in different locations. libvirt will detect
# where they are located.
#
-# cgroup_controllers = [ "cpu", "devices", "memory", "blkio", "cpuset", "cpuacct" ]
+#cgroup_controllers = [ "cpu", "devices", "memory", "blkio", "cpuset", "cpuacct" ]
# This is the basic set of devices allowed / required by
# all virtual machines.
# "/dev/null", "/dev/full", "/dev/zero",
# "/dev/random", "/dev/urandom",
# "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
-# "/dev/rtc", "/dev/hpet",
+# "/dev/rtc","/dev/hpet"
#]
# the requested compression program can't be found, this falls
# back to "raw" compression.
#
-# save_image_format = "raw"
-# dump_image_format = "raw"
+#save_image_format = "raw"
+#dump_image_format = "raw"
# When a domain is configured to be auto-dumped when libvirtd receives a
# watchdog event from qemu guest, libvirtd will save dump files in directory
# specified by auto_dump_path. Default value is /var/lib/libvirt/qemu/dump
#
-# auto_dump_path = "/var/lib/libvirt/qemu/dump"
+#auto_dump_path = "/var/lib/libvirt/qemu/dump"
# When a domain is configured to be auto-dumped, enabling this flag
# has the same effect as using the VIR_DUMP_BYPASS_CACHE flag with the
# file system cache while writing the dump file, but may cause
# slower operation.
#
-# auto_dump_bypass_cache = 0
+#auto_dump_bypass_cache = 0
# When a domain is configured to be auto-started, enabling this flag
# has the same effect as using the VIR_DOMAIN_START_BYPASS_CACHE flag
# avoid using the file system cache when restoring any managed state
# file, but may cause slower operation.
#
-# auto_start_bypass_cache = 0
+#auto_start_bypass_cache = 0
# If provided by the host and a hugetlbfs mount point is configured,
# a guest may request huge page backing. When this mount point is
# NB, within this mount point, guests will create memory backing files
# in a location of $MOUNTPOINT/libvirt/qemu
#
-# hugetlbfs_mount = "/dev/hugepages"
+#hugetlbfs_mount = "/dev/hugepages"
# mac_filter enables MAC addressed based filtering on bridge ports.
# This currently requires ebtables to be installed.
#
-# mac_filter = 1
+#mac_filter = 1
# By default, PCI devices below non-ACS switch are not allowed to be assigned
# to guests. By setting relaxed_acs_check to 1 such devices will be allowed to
# be assigned to guests.
#
-# relaxed_acs_check = 1
+#relaxed_acs_check = 1
# QEMU implements an extension for providing audio over a VNC connection,
# permissions issues. Enabling this option will make libvirtd honor the
# QEMU_AUDIO_DRV environment variable when using VNC.
#
-# vnc_allow_host_audio = 0
+#vnc_allow_host_audio = 0
# If clear_emulator_capabilities is enabled, libvirt will drop all
# Warning: Disabling this option means that a compromised guest can
# exploit the privileges and possibly do damage to the host.
#
-# clear_emulator_capabilities = 1
+#clear_emulator_capabilities = 1
# If allow_disk_format_probing is enabled, libvirt will probe disk
# guest XML <disk> elements to include <driver type='XXXX'/>
# elements instead of enabling this option.
#
-# allow_disk_format_probing = 1
+#allow_disk_format_probing = 1
# If enabled, libvirt will have QEMU set its process name to
# its process title, so the complete QEMU command (emulator and
# its arguments) appear in process listings.
#
-# set_process_name = 1
+#set_process_name = 1
# If max_processes is set to a positive integer, libvirt will use
# The same applies to max_files which sets the limit on the maximum
# number of opened files.
#
-# max_processes = 0
-# max_files = 0
+#max_processes = 0
+#max_files = 0
# To enable 'Sanlock' project based locking of the file
# content (to prevent two VMs writing to the same
# disk), uncomment this
#
-# lock_manager = "sanlock"
+#lock_manager = "sanlock"
# Set limit of maximum APIs queued on one domain. All other APIs
# over this threshold will fail on acquiring job lock. Specially,
# setting to zero turns this feature off.
# Note, that job lock is per domain.
#
-# max_queued = 0
+#max_queued = 0
###################################################################
# Keepalive protocol:
projects / thirdparty / libvirt.git / commitdiff
