-From: Neil Wilson <neil@brightbox.co.uk>
-To: libvir-list@redhat.com
-Date: Mon, 10 Jan 2011 09:52:56 +0000
-Message-ID: <1294653176.3013.16.camel@lenovo-3000-n100>
-
-Hi,
-
-Here's the patch to add basic ACL support to QEMU within libvirt. Like
-SASL it's ignored by RHEL5's default qemu. Newer qemu picks it up as
-expected and you can manipulate the acls using 'virsh'.
-
-
-diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
-index ba41f80..7ab5eee 100644
---- a/src/qemu/qemu.conf
-+++ b/src/qemu/qemu.conf
-@@ -71,6 +71,15 @@
- # vnc_sasl = 1
+diff -ur libvirt-10.2.0.orig/src/qemu/qemu_command.c libvirt-10.2.0/src/qemu/qemu_command.c
+--- libvirt-10.2.0.orig/src/qemu/qemu_command.c 2024-04-03 17:49:34.976744165 +0200
++++ libvirt-10.2.0/src/qemu/qemu_command.c 2024-04-03 17:49:53.468991419 +0200
+@@ -8201,6 +8201,10 @@
+ virCommandAddEnvPair(cmd, "SASL_CONF_PATH", cfg->vncSASLdir);
+
+ /* TODO: Support ACLs later */
++
++ if (cfg->vncACL)
++ virBufferAddLit(&opt, ",acl");
++
+ }
+
+ if (graphics->data.vnc.powerControl != VIR_TRISTATE_BOOL_ABSENT) {
+diff -ur libvirt-10.2.0.orig/src/qemu/qemu_conf.c libvirt-10.2.0/src/qemu/qemu_conf.c
+--- libvirt-10.2.0.orig/src/qemu/qemu_conf.c 2024-04-03 17:49:34.976744165 +0200
++++ libvirt-10.2.0/src/qemu/qemu_conf.c 2024-04-03 17:49:53.472991473 +0200
+@@ -441,6 +441,8 @@
+ return -1;
+ if (virConfGetValueBool(conf, "vnc_allow_host_audio", &cfg->vncAllowHostAudio) < 0)
+ return -1;
++ if (virConfGetValueBool(conf, "vnc_acl", &cfg->vncACL) < 0)
++ return -1;
+
+ if (cfg->vncPassword &&
+ strlen(cfg->vncPassword) > 8) {
+diff -ur libvirt-10.2.0.orig/src/qemu/qemu_conf.h libvirt-10.2.0/src/qemu/qemu_conf.h
+--- libvirt-10.2.0.orig/src/qemu/qemu_conf.h 2024-04-03 17:49:34.980744218 +0200
++++ libvirt-10.2.0/src/qemu/qemu_conf.h 2024-04-03 17:49:53.472991473 +0200
+@@ -120,6 +120,7 @@
+ bool vncTLSx509verify;
+ bool vncTLSx509verifyPresent;
+ bool vncSASL;
++ bool vncACL;
+ char *vncTLSx509certdir;
+ char *vncTLSx509secretUUID;
+ char *vncListen;
+diff -ur libvirt-10.2.0.orig/src/qemu/qemu.conf.in libvirt-10.2.0/src/qemu/qemu.conf.in
+--- libvirt-10.2.0.orig/src/qemu/qemu.conf.in 2024-04-03 17:49:34.976744165 +0200
++++ libvirt-10.2.0/src/qemu/qemu.conf.in 2024-04-03 17:49:53.472991473 +0200
+@@ -147,6 +147,15 @@
+ #vnc_sasl = 1
+# Enable the VNC access control lists. When switched on this will
+# add and remove ids from the ACLs you will need to send the appropriate
+# commands to the qemu monitor as required by your particular version of
+# QEMU. See the QEMU documentation for more details.
-+#
++#
+# vnc_acl = 1
+
+
# The default SASL configuration file is located in /etc/sasl/
# When running libvirtd unprivileged, it may be desirable to
# override the configs in this location. Set this parameter to
---- libvirt-1.0.6/src/qemu/qemu_command.c.orig 2013-06-16 15:45:37.115181922 +0200
-+++ libvirt-1.0.6/src/qemu/qemu_command.c 2013-06-16 15:47:49.335179175 +0200
-@@ -6178,6 +6178,10 @@
-
- /* TODO: Support ACLs later */
- }
-+
-+ if (cfg->vncACL)
-+ virBufferAddLit(&opt, ",acl");
-+
- }
-
- virCommandAddArg(cmd, "-vnc");
---- libvirt-1.1.3/src/qemu/qemu_conf.c.orig 2013-10-22 20:38:43.522043292 +0200
-+++ libvirt-1.1.3/src/qemu/qemu_conf.c 2013-10-22 20:45:19.515360007 +0200
-@@ -357,6 +357,7 @@
- GET_VALUE_STR("vnc_sasl_dir", cfg->vncSASLdir);
- GET_VALUE_BOOL("vnc_allow_host_audio", cfg->vncAllowHostAudio);
- GET_VALUE_BOOL("nographics_allow_host_audio", cfg->nogfxAllowHostAudio);
-+ GET_VALUE_LONG("vnc_acl", cfg->vncACL);
-
- p = virConfGetValue(conf, "security_driver");
- if (p && p->type == VIR_CONF_LIST) {
---- libvirt-1.0.3/src/qemu/qemu_conf.h.orig 2013-03-09 13:10:30.059751685 +0100
-+++ libvirt-1.0.3/src/qemu/qemu_conf.h 2013-03-09 13:54:17.296308093 +0100
-@@ -102,6 +102,7 @@
- bool vncTLS;
- bool vncTLSx509verify;
- bool vncSASL;
-+ bool vncACL;
- char *vncTLSx509certdir;
- char *vncListen;
- char *vncPassword;