1 diff -ur libvirt-8.0.0.orig/src/qemu/qemu_command.c libvirt-8.0.0/src/qemu/qemu_command.c
2 --- libvirt-8.0.0.orig/src/qemu/qemu_command.c 2022-01-23 12:17:21.722539037 +0100
3 +++ libvirt-8.0.0/src/qemu/qemu_command.c 2022-01-23 12:17:43.308582727 +0100
5 virCommandAddEnvPair(cmd, "SASL_CONF_PATH", cfg->vncSASLdir);
7 /* TODO: Support ACLs later */
10 + virBufferAddLit(&opt, ",acl");
14 if (graphics->data.vnc.powerControl != VIR_TRISTATE_BOOL_ABSENT) {
15 diff -ur libvirt-8.0.0.orig/src/qemu/qemu.conf libvirt-8.0.0/src/qemu/qemu.conf
16 --- libvirt-8.0.0.orig/src/qemu/qemu.conf 2022-01-23 12:17:21.720539033 +0100
17 +++ libvirt-8.0.0/src/qemu/qemu.conf 2022-01-23 12:17:43.308582727 +0100
22 +# Enable the VNC access control lists. When switched on this will
23 +# initially block all vnc users from accessing the vnc server. To
24 +# add and remove ids from the ACLs you will need to send the appropriate
25 +# commands to the qemu monitor as required by your particular version of
26 +# QEMU. See the QEMU documentation for more details.
31 # The default SASL configuration file is located in /etc/sasl/
32 # When running libvirtd unprivileged, it may be desirable to
33 # override the configs in this location. Set this parameter to
34 diff -ur libvirt-8.0.0.orig/src/qemu/qemu_conf.c libvirt-8.0.0/src/qemu/qemu_conf.c
35 --- libvirt-8.0.0.orig/src/qemu/qemu_conf.c 2022-01-23 12:17:21.722539037 +0100
36 +++ libvirt-8.0.0/src/qemu/qemu_conf.c 2022-01-23 12:17:43.308582727 +0100
39 if (virConfGetValueBool(conf, "vnc_allow_host_audio", &cfg->vncAllowHostAudio) < 0)
41 + if (virConfGetValueBool(conf, "vnc_acl", &cfg->vncACL) < 0)
44 if (cfg->vncPassword &&
45 strlen(cfg->vncPassword) > 8) {
46 diff -ur libvirt-8.0.0.orig/src/qemu/qemu_conf.h libvirt-8.0.0/src/qemu/qemu_conf.h
47 --- libvirt-8.0.0.orig/src/qemu/qemu_conf.h 2022-01-23 12:17:21.722539037 +0100
48 +++ libvirt-8.0.0/src/qemu/qemu_conf.h 2022-01-23 12:17:43.309582729 +0100
50 bool vncTLSx509verify;
51 bool vncTLSx509verifyPresent;
54 char *vncTLSx509certdir;
55 char *vncTLSx509secretUUID;