domain_conf: add "default" to list of valid spice channels

qemu's behavior in this case is to change the spice server behavior to require secure connection to any channel not otherwise specified as being in plaintext mode. libvirt doesn't currently allow requesting this (via plaintext-channel=<channel name>). RHBZ: 819499 Signed-off-by: N Alon Levy <alevy@redhat.com>

domain_conf: add "default" to list of valid spice channels
qemu's behavior in this case is to change the spice server behavior to require secure connection to any channel not otherwise specified as being in plaintext mode. libvirt doesn't currently allow requesting this (via plaintext-channel=<channel name>). RHBZ: 819499 Signed-off-by: N Alon Levy <alevy@redhat.com>
ba97e4ed · Alon Levy · Eric Blake · 4e78ffb6 · ba97e4ed · ba97e4ed
7 changed file
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -2929,6 +2929,13 @@ qemu-kvm -net nic,model=? /dev/null
              <span class="since">Since 0.9.3</span>
              NB, this may not be supported by all hypervisors.
              <span class="since">"spice" since 0.8.6</span>.
+              The <code>defaultMode</code> attribute sets the default channel
+              security policy, valid values are <code>secure</code>,
+              <code>insecure</code> and the default <code>any</code>
+              (which is secure if possible, but falls back to insecure
+              rather than erroring out if no secure path is
+              available). <span class="since">"defaultMode" since
+              0.9.12</span>.
            </p>
            <p>
              When SPICE has both a normal and TLS secured TCP port

--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -1774,6 +1774,15 @@
              </choice>
            </attribute>
          </optional>
+          <optional>
+            <attribute name="defaultMode">
+              <choice>
+                <value>any</value>
+                <value>secure</value>
+                <value>insecure</value>
+              </choice>
+            </attribute>
+          </optional>
          <interleave>
            <ref name="listenElements"/>
            <zeroOrMore>

--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -6071,6 +6071,8 @@ virDomainGraphicsDefParseXML(xmlNodePtr node,
        char *port = virXMLPropString(node, "port");
        char *tlsPort;
        char *autoport;
+        char *defaultMode;
+        int defaultModeVal;

        if (port) {
            if (virStrToLong_i(port, NULL, 10, &def->data.spice.port) < 0) {
@@ -6103,6 +6105,20 @@ virDomainGraphicsDefParseXML(xmlNodePtr node,
            VIR_FREE(autoport);
        }

+        def->data.spice.defaultMode = VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_ANY;
+
+        if ((defaultMode = virXMLPropString(node, "defaultMode")) != NULL) {
+            if ((defaultModeVal = virDomainGraphicsSpiceChannelModeTypeFromString(defaultMode)) < 0) {
+                virDomainReportError(VIR_ERR_INTERNAL_ERROR,
+                                     _("unknown default spice channel mode %s"),
+                                     defaultMode);
+                VIR_FREE(defaultMode);
+                goto error;
+            }
+            def->data.spice.defaultMode = defaultModeVal;
+            VIR_FREE(defaultMode);
+        }
+
        if (def->data.spice.port == -1 && def->data.spice.tlsPort == -1) {
            /* Legacy compat syntax, used -1 for auto-port */
            def->data.spice.autoport = 1;
@@ -12124,6 +12140,10 @@ virDomainGraphicsDefFormat(virBufferPtr buf,
            virBufferEscapeString(buf, " keymap='%s'",
                                  def->data.spice.keymap);

+        if (def->data.spice.defaultMode != VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_ANY)
+            virBufferAsprintf(buf, " defaultMode='%s'",
+              virDomainGraphicsSpiceChannelModeTypeToString(def->data.spice.defaultMode));
+
        virDomainGraphicsAuthDefFormatAttr(buf, &def->data.spice.auth, flags);
        break;


--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1233,6 +1233,7 @@ struct _virDomainGraphicsDef {
            virDomainGraphicsAuthDef auth;
            unsigned int autoport :1;
            int channels[VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_LAST];
+            int defaultMode; /* enum virDomainGraphicsSpiceChannelMode */
            int image;
            int jpeg;
            int zlib;

--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -5463,6 +5463,7 @@ qemuBuildCommandLine(virConnectPtr conn,
        const char *listenAddr = NULL;
        char *netAddr = NULL;
        int ret;
+        int defaultMode = def->graphics[0]->data.spice.defaultMode;

        if (!qemuCapsGet(qemuCaps, QEMU_CAPS_SPICE)) {
            qemuReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
@@ -5546,6 +5547,18 @@ qemuBuildCommandLine(virConnectPtr conn,
            virBufferAsprintf(&opt, ",x509-dir=%s",
                              driver->spiceTLSx509certdir);

+        switch (defaultMode) {
+        case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_SECURE:
+            virBufferAsprintf(&opt, ",tls-channel=default");
+            break;
+        case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_INSECURE:
+            virBufferAsprintf(&opt, ",plaintext-channel=default");
+            break;
+        case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_ANY:
+            /* nothing */
+            break;
+        }
+
        for (i = 0 ; i < VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_LAST ; i++) {
            int mode = def->graphics[0]->data.spice.channels[i];
            switch (mode) {

--- a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.args
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.args
@@ -2,7 +2,7 @@ LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=spice \
 /usr/bin/qemu -S -M pc -m 214 -smp 1 -nodefaults -monitor \
 unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda \
 /dev/HostVG/QEMUGuest1 -usb -spice port=5903,tls-port=5904,addr=127.0.0.1,\
-x509-dir=/etc/pki/libvirt-spice,tls-channel=main,plaintext-channel=inputs,\
+x509-dir=/etc/pki/libvirt-spice,tls-channel=default,tls-channel=main,plaintext-channel=inputs,\
 image-compression=auto_glz,jpeg-wan-compression=auto,zlib-glz-wan-compression=auto,\
 playback-compression=on,streaming-video=filter,disable-copy-paste -vga \
 qxl -global qxl.vram_size=18874368 -device qxl,id=video1,vram_size=33554432,bus=pci.0,addr=0x4 \

--- a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.xml
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.xml
@@ -22,7 +22,7 @@
    <controller type='usb' index='0'/>
    <controller type='ide' index='0'/>
    <input type='mouse' bus='ps2'/>
-    <graphics type='spice' port='5903' tlsPort='5904' autoport='no' listen='127.0.0.1'>
+    <graphics type='spice' port='5903' tlsPort='5904' autoport='no' listen='127.0.0.1' defaultMode='secure'>
      <listen type='address' address='127.0.0.1'/>
      <channel name='main' mode='secure'/>
      <channel name='inputs' mode='insecure'/>