conf: add support for VNC power control setting

The <graphics type="vnc" .... powerControl="yes"/> option instructs the
VNC server to enable an extension that lets the client perform a
graceful shutdown, reboot and hard reset.

This is enabled by default since it cannot be assumed that the VNC
client user has administrator rights over the guest OS. In the case
where the VNC user is a guest administrator though, it is reasonable
to allow direct power control host side too.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index b434ada8f081bab6ff280cf8a7c5ba64aa486ed6..0123c84c96565cf224b87cb4a191a1adfbba3718 100644 (file)
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -5791,6 +5791,11 @@ interaction with the admin.
       ``autoport`` having no effect due to security reasons) :since:`Since
       1.0.6` .
 
+      For VNC, the ``powerControl`` attribute can be used to enable VM shutdown,
+      reboot and reset power control features for the VNC client. This is
+      appropriate if the authenticated VNC client user already has administrator
+      privileges in the guest :since:`Since 7.1.0`.
+
       Although VNC doesn't support OpenGL natively, it can be paired with
       graphics type ``egl-headless`` (see below) which will instruct QEMU to
       open and use drm nodes for OpenGL rendering.

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index d73db65742b5f9be941ed505880061842da7e7ff..6dfd551e981933e62a15dddf6a0bb205f29d9110 100644 (file)
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -3663,6 +3663,11 @@
                   </choice>
                 </attribute>
               </optional>
+              <optional>
+                <attribute name="powerControl">
+                  <ref name="virYesNo"/>
+                </attribute>
+              </optional>
             </group>
             <group>
               <optional>

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 8bc68f435be6fa5cf91e89cc70af3744b8a602fe..4da2b7642bb33319ff7a60d1c551d2553c348e00 100644 (file)
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -13149,6 +13149,7 @@ virDomainGraphicsDefParseXMLVNC(virDomainGraphicsDefPtr def,
     g_autofree char *websocketGenerated = virXMLPropString(node, "websocketGenerated");
     g_autofree char *sharePolicy = virXMLPropString(node, "sharePolicy");
     g_autofree char *autoport = virXMLPropString(node, "autoport");
+    g_autofree char *powerControl = virXMLPropString(node, "powerControl");
 
     if (virDomainGraphicsListensParseXML(def, node, ctxt, flags) < 0)
         return -1;
@@ -13205,6 +13206,16 @@ virDomainGraphicsDefParseXMLVNC(virDomainGraphicsDefPtr def,
         }
     }
 
+    if (powerControl) {
+        int powerControlVal = virTristateBoolTypeFromString(powerControl);
+        if (powerControlVal < 0) {
+            virReportError(VIR_ERR_INTERNAL_ERROR,
+                           _("cannot parse vnc power control '%s'"), powerControl);
+            return -1;
+        }
+        def->data.vnc.powerControl = powerControlVal;
+    }
+
     def->data.vnc.keymap = virXMLPropString(node, "keymap");
 
     if (virDomainGraphicsAuthDefParseXML(node, &def->data.vnc.auth,
@@ -27116,6 +27127,10 @@ virDomainGraphicsDefFormat(virBufferPtr buf,
                               virDomainGraphicsVNCSharePolicyTypeToString(
                               def->data.vnc.sharePolicy));
 
+        if (def->data.vnc.powerControl)
+            virBufferAsprintf(buf, " powerControl='%s'",
+                              virTristateBoolTypeToString(def->data.vnc.powerControl));
+
         virDomainGraphicsAuthDefFormatAttr(buf, &def->data.vnc.auth, flags);
         break;
 

diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 930eed60deb2fac5068d5e00b39ecdf1c5a80459..881d64bae9812f3cc7c89db39869d75ae0b417cf 100644 (file)
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1712,6 +1712,7 @@ struct _virDomainGraphicsDef {
             char *keymap;
             virDomainGraphicsAuthDef auth;
             int sharePolicy;
+            virTristateBool powerControl;
         } vnc;
         struct {
             char *display;