1 diff -ur libvirt-9.5.0.orig/src/qemu/qemu_command.c libvirt-9.5.0/src/qemu/qemu_command.c
2 --- libvirt-9.5.0.orig/src/qemu/qemu_command.c 2023-07-20 17:19:16.014948742 +0200
3 +++ libvirt-9.5.0/src/qemu/qemu_command.c 2023-07-20 17:19:30.957162714 +0200
5 virCommandAddEnvPair(cmd, "SASL_CONF_PATH", cfg->vncSASLdir);
7 /* TODO: Support ACLs later */
10 + virBufferAddLit(&opt, ",acl");
14 if (graphics->data.vnc.powerControl != VIR_TRISTATE_BOOL_ABSENT) {
15 diff -ur libvirt-9.5.0.orig/src/qemu/qemu_conf.c libvirt-9.5.0/src/qemu/qemu_conf.c
16 --- libvirt-9.5.0.orig/src/qemu/qemu_conf.c 2023-07-20 17:19:16.014948742 +0200
17 +++ libvirt-9.5.0/src/qemu/qemu_conf.c 2023-07-20 17:19:30.958162728 +0200
20 if (virConfGetValueBool(conf, "vnc_allow_host_audio", &cfg->vncAllowHostAudio) < 0)
22 + if (virConfGetValueBool(conf, "vnc_acl", &cfg->vncACL) < 0)
25 if (cfg->vncPassword &&
26 strlen(cfg->vncPassword) > 8) {
27 diff -ur libvirt-9.5.0.orig/src/qemu/qemu_conf.h libvirt-9.5.0/src/qemu/qemu_conf.h
28 --- libvirt-9.5.0.orig/src/qemu/qemu_conf.h 2023-07-20 17:19:16.014948742 +0200
29 +++ libvirt-9.5.0/src/qemu/qemu_conf.h 2023-07-20 17:19:30.958162728 +0200
31 bool vncTLSx509verify;
32 bool vncTLSx509verifyPresent;
35 char *vncTLSx509certdir;
36 char *vncTLSx509secretUUID;
38 diff -ur libvirt-9.5.0.orig/src/qemu/qemu.conf.in libvirt-9.5.0/src/qemu/qemu.conf.in
39 --- libvirt-9.5.0.orig/src/qemu/qemu.conf.in 2023-07-20 17:19:16.013948728 +0200
40 +++ libvirt-9.5.0/src/qemu/qemu.conf.in 2023-07-20 17:19:30.958162728 +0200
45 +# Enable the VNC access control lists. When switched on this will
46 +# initially block all vnc users from accessing the vnc server. To
47 +# add and remove ids from the ACLs you will need to send the appropriate
48 +# commands to the qemu monitor as required by your particular version of
49 +# QEMU. See the QEMU documentation for more details.
54 # The default SASL configuration file is located in /etc/sasl/
55 # When running libvirtd unprivileged, it may be desirable to
56 # override the configs in this location. Set this parameter to