1 diff -urp libvirt-3.0.0.orig/src/qemu/qemu_command.c libvirt-3.0.0/src/qemu/qemu_command.c
2 --- libvirt-3.0.0.orig/src/qemu/qemu_command.c 2017-02-11 16:00:09.943362563 +0000
3 +++ libvirt-3.0.0/src/qemu/qemu_command.c 2017-02-11 16:01:03.437361961 +0000
4 @@ -7650,6 +7650,10 @@ qemuBuildGraphicsVNCCommandLine(virQEMUD
5 virCommandAddEnvPair(cmd, "SASL_CONF_PATH", cfg->vncSASLdir);
7 /* TODO: Support ACLs later */
10 + virBufferAddLit(&opt, ",acl");
14 virCommandAddArg(cmd, "-vnc");
15 diff -urp libvirt-3.0.0.orig/src/qemu/qemu.conf libvirt-3.0.0/src/qemu/qemu.conf
16 --- libvirt-3.0.0.orig/src/qemu/qemu.conf 2017-02-11 16:00:09.945362563 +0000
17 +++ libvirt-3.0.0/src/qemu/qemu.conf 2017-02-11 16:01:03.438361961 +0000
22 +# Enable the VNC access control lists. When switched on this will
23 +# initially block all vnc users from accessing the vnc server. To
24 +# add and remove ids from the ACLs you will need to send the appropriate
25 +# commands to the qemu monitor as required by your particular version of
26 +# QEMU. See the QEMU documentation for more details.
31 # The default SASL configuration file is located in /etc/sasl/
32 # When running libvirtd unprivileged, it may be desirable to
33 # override the configs in this location. Set this parameter to
34 diff -urp libvirt-3.0.0.orig/src/qemu/qemu_conf.c libvirt-3.0.0/src/qemu/qemu_conf.c
35 --- libvirt-3.0.0.orig/src/qemu/qemu_conf.c 2017-02-11 16:00:09.943362563 +0000
36 +++ libvirt-3.0.0/src/qemu/qemu_conf.c 2017-02-11 16:01:03.438361961 +0000
37 @@ -487,6 +487,8 @@ int virQEMUDriverConfigLoadFile(virQEMUD
39 if (virConfGetValueBool(conf, "nographics_allow_host_audio", &cfg->nogfxAllowHostAudio) < 0)
41 + if (virConfGetValueBool(conf, "vnc_acl", &cfg->vncACL) < 0)
45 if (virConfGetValueStringList(conf, "security_driver", true, &cfg->securityDriverNames) < 0)
46 diff -urp libvirt-3.0.0.orig/src/qemu/qemu_conf.h libvirt-3.0.0/src/qemu/qemu_conf.h
47 --- libvirt-3.0.0.orig/src/qemu/qemu_conf.h 2017-02-11 16:00:09.943362563 +0000
48 +++ libvirt-3.0.0/src/qemu/qemu_conf.h 2017-02-11 16:01:03.438361961 +0000
49 @@ -119,6 +119,7 @@ struct _virQEMUDriverConfig {
51 bool vncTLSx509verify;
54 char *vncTLSx509certdir;