File libvirt.defaults.patch of Package libvirt
From: Olaf Hering <olaf@aepfle.de> Date: Wed, 21 Feb 2018 10:03:49 +0000 Subject: defaults --- src/remote/libvirtd.conf.in | 10 ++++----- src/remote/remote_daemon_config.c | 5 +++-- src/remote/test_libvirtd.aug.in | 6 ++--- 3 files changed, 11 insertions(+), 10 deletions(-) --- a/src/remote/libvirtd.conf.in +++ b/src/remote/libvirtd.conf.in @@ -10,42 +10,42 @@ # Flag listening for secure TLS connections on the public TCP/IP port. # # To enable listening sockets with the 'libvirtd' daemon it's also required to # pass the '--listen' flag on the commandline of the daemon. # This is not needed with 'virtproxyd'. # # This setting is not required or honoured if using systemd socket # activation. # # It is necessary to setup a CA and issue server certificates before # using this capability. # -# This is enabled by default, uncomment this to disable it -#listen_tls = 0 +# This is disabled by default, uncomment this to enable it +#listen_tls = 1 # Listen for unencrypted TCP connections on the public TCP/IP port. # # To enable listening sockets with the 'libvirtd' daemon it's also required to # pass the '--listen' flag on the commandline of the daemon. # This is not needed with 'virtproxyd'. # # This setting is not required or honoured if using systemd socket # activation. # # Using the TCP socket requires SASL authentication by default. Only # SASL mechanisms which support data encryption are allowed. This is # DIGEST_MD5 and GSSAPI (Kerberos5) # -# This is disabled by default, uncomment this to enable it. -#listen_tcp = 1 +# This is enabled by default, uncomment this to disable it. +#listen_tcp = 0 # Override the port for accepting secure TLS connections # This can be a port number, or service name # # This setting is not required or honoured if using systemd socket # activation. # #tls_port = "16514" # Override the port for accepting insecure TCP connections 
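Review bot: The context sentence `# Using the TCP socket requires SASL authentication by default.` in the listen_tcp block of src/remote/libvirtd.conf.in is left unchanged, but this patch sets the built-in auth_tcp default to none in remote_daemon_config.c, so the file now tells an administrator the socket is authenticated when it is not. The same gap is in the auth_tcp hunk at -182: the sample becomes `#auth_tcp = "none"` directly under the warning not to run without SASL outside a dev/test scenario, and nothing says that none is now the compiled-in default. I would reword the first sentence to `# With this build's defaults the TCP socket is unauthenticated and cleartext; set auth_tcp = "sasl" to require SASL.` and add `# This build defaults to "none"; set this to "sasl" to restore authentication.` above the auth_tcp sample.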
@@ -182,25 +182,25 @@ # is essential to change the systemd SocketMode parameter # back to 0600, to avoid an insecure configuration. # #auth_unix_rw = "@default_auth@" @CUT_ENABLE_IP@ # Change the authentication scheme for TCP sockets. # # If you don't enable SASL, then all TCP traffic is cleartext. # Don't do this outside of a dev/test scenario. For real world # use, always enable SASL and use the GSSAPI or DIGEST-MD5 # mechanism in @sysconfdir@/sasl2/libvirt.conf -#auth_tcp = "sasl" +#auth_tcp = "none" # Change the authentication scheme for TLS sockets. # # TLS sockets already have encryption provided by the TLS # layer, and limited authentication is done by certificates # # It is possible to make use of any SASL authentication # mechanism as well, by using 'sasl' for this option #auth_tls = "none" # Enforce a minimum SSF value for TCP sockets # --- a/src/remote/remote_daemon_config.c +++ b/src/remote/remote_daemon_config.c @@ -86,29 +86,29 @@ daemonConfigFilePath(bool privileged, char **configfile) } } struct daemonConfig* daemonConfigNew(bool privileged G_GNUC_UNUSED) { struct daemonConfig *data; data = g_new0(struct daemonConfig, 1); #ifdef WITH_IP # ifdef LIBVIRTD - data->listen_tls = true; /* Only honoured if --listen is set */ + data->listen_tls = false; /* Only honoured if --listen is set */ # else /* ! LIBVIRTD */ data->listen_tls = false; /* Always honoured, --listen doesn't exist. */ # endif /* ! LIBVIRTD */ - data->listen_tcp = false; + data->listen_tcp = true; data->tls_port = g_strdup(LIBVIRTD_TLS_PORT); data->tcp_port = g_strdup(LIBVIRTD_TCP_PORT); #endif /* !WITH_IP */ /* Only default to PolicyKit if running as root */ #if WITH_POLKIT if (privileged) { data->auth_unix_rw = REMOTE_AUTH_POLKIT; data->auth_unix_ro = REMOTE_AUTH_POLKIT; } else { #endif 
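Review bot: In the remote_daemon_config.c hunk at -86, `data->listen_tcp = true;` sits outside the `# ifdef LIBVIRTD` block, so the new default also applies to the non-LIBVIRTD build, where the comment on the else branch says the listen flags are always honoured because --listen does not exist. Together with the auth_tcp change later in this patch, that build would open the TCP socket by default with no authentication, unless systemd socket activation takes over (inferred from the config comments, not shown in this code). If the intent is only to change libvirtd, move the assignment into the LIBVIRTD branch as `data->listen_tcp = true; /* Only honoured if --listen is set */` and keep `data->listen_tcp = false;` in the else branch. Both listen_tls branches now assign false, so that conditional only carries the two comments. daemonConfigNew continues past the end of the hunk.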
@@ -116,24 +116,25 @@ daemonConfigNew(bool privileged G_GNUC_UNUSED) data->auth_unix_ro = REMOTE_AUTH_NONE; #if WITH_POLKIT } #endif data->unix_sock_rw_perms = g_strdup(data->auth_unix_rw == REMOTE_AUTH_POLKIT ? "0777" : "0700"); data->unix_sock_ro_perms = g_strdup("0777"); data->unix_sock_admin_perms = g_strdup("0700"); #ifdef WITH_IP # if WITH_SASL data->auth_tcp = REMOTE_AUTH_SASL; + data->auth_tcp = REMOTE_AUTH_NONE; # else data->auth_tcp = REMOTE_AUTH_NONE; # endif data->auth_tls = REMOTE_AUTH_NONE; #endif /* ! WITH_IP */ #if WITH_IP data->tcp_min_ssf = 56; /* good enough for kerberos */ #endif data->min_workers = 5; data->max_workers = 20; --- a/src/remote/test_libvirtd.aug.in +++ b/src/remote/test_libvirtd.aug.in @@ -1,32 +1,32 @@ module Test_@DAEMON_NAME@ = @CONFIG@ test @DAEMON_NAME_UC@.lns get conf = @CUT_ENABLE_IP@ - { "listen_tls" = "0" } - { "listen_tcp" = "1" } + { "listen_tls" = "1" } + { "listen_tcp" = "0" } { "tls_port" = "16514" } { "tcp_port" = "16509" } { "listen_addr" = "192.168.0.1" } @END@ { "unix_sock_group" = "libvirt" } { "unix_sock_ro_perms" = "0777" } { "unix_sock_rw_perms" = "0770" } { "unix_sock_admin_perms" = "0700" } { "unix_sock_dir" = "@runstatedir@/libvirt" } { "auth_unix_ro" = "@default_auth@" } { "auth_unix_rw" = "@default_auth@" } @CUT_ENABLE_IP@ - { "auth_tcp" = "sasl" } + { "auth_tcp" = "none" } { "auth_tls" = "none" } { "tcp_min_ssf" = "112" } @END@ { "access_drivers" { "1" = "polkit" } } @CUT_ENABLE_IP@ { "key_file" = "@sysconfdir@/pki/libvirt/private/serverkey.pem" } { "cert_file" = "@sysconfdir@/pki/libvirt/servercert.pem" } { "ca_file" = "@sysconfdir@/pki/CA/cacert.pem" } { "crl_file" = "@sysconfdir@/pki/CA/crl.pem" } { "tls_no_sanity_certificate" = "1" }
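Review bot: In the remote_daemon_config.c hunk at -116, the added `data->auth_tcp = REMOTE_AUTH_NONE;` directly follows `data->auth_tcp = REMOTE_AUTH_SASL;`, which leaves the SASL assignment as a dead store and makes both arms of `# if WITH_SASL` set the same value. Replace the line instead of appending to it, and say why at the assignment, for example `data->auth_tcp = REMOTE_AUTH_NONE; /* test-only default: TCP socket is unauthenticated and cleartext */`. The `tcp_min_ssf = 56` default a few lines below presumably has no effect once SASL is not used on the TCP socket, which is worth a comment as well. daemonConfigNew starts before this hunk and continues after it.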