[Spice-devel] [PATCH v3 RESEND] libxl: Spice vdagent support for upstream qemu
Fabio Fantoni
fabio.fantoni at m2r.biz
Wed Aug 14 02:19:44 PDT 2013
On 23/07/2013 15:42, Fabio Fantoni wrote:
> On 03/07/2013 15:54, fantonifabio at tiscali.it wrote:
>> Usage: spicevdagent=1|0 (default=0)
>> Enables spice vdagent. The Spice vdagent is an optional component for
>> enhancing user experience and performing guest-oriented management
>> tasks. Its features include: client mouse mode (no need to grab mouse
>> by client, no mouse lag), automatic adjustment of screen resolution,
>> copy and paste (text and image) between client and domU. It also
>> requires vdagent service installed on domU o.s. to work.
>>
>> Signed-off-by: Fabio Fantoni <fabio.fantoni at m2r.biz>
>> ---
>> docs/man/xl.cfg.pod.5 | 9 +++++++++
>> tools/libxl/libxl_create.c | 1 +
>> tools/libxl/libxl_dm.c | 6 ++++++
>> tools/libxl/libxl_types.idl | 1 +
>> tools/libxl/xl_cmdimpl.c | 2 ++
>> 5 files changed, 19 insertions(+)
>>
>> diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5
>> index f8b4576..766862d 100644
>> --- a/docs/man/xl.cfg.pod.5
>> +++ b/docs/man/xl.cfg.pod.5
>> @@ -1123,6 +1123,15 @@ Specify the ticket password which is used by a
>> client for connection.
>> Whether SPICE agent is used for client mouse mode. The default is true
>> (turn on)
>> +=item B<spicevdagent=BOOLEAN>
>> +
>> +Enables spice vdagent. The Spice vdagent is an optional component for
>> +enhancing user experience and performing guest-oriented management
>> +tasks. Its features includes: client mouse mode (no need to grab mouse
>> +by client, no mouse lag), automatic adjustment of screen resolution,
>> +copy and paste (text and image) between client and domU. It also
>> +requires vdagent service installed on domU o.s. to work. The default
>> is 0.
>> +
>> =back
>> =head3 Miscellaneous Emulated Hardware
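Review bot: the new entry ends with "The default is 0" although the option is declared as BOOLEAN and the preceding entry says "The default is true"; use the same true/false wording for both. "Its features includes" should read "Its features include". Since the text lists copy and paste between client and domU as a feature, it would help to state explicitly that enabling the option turns clipboard sharing on, so an administrator can weigh that before setting it.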
>> diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c
>> index cb9c822..8db5460 100644
>> --- a/tools/libxl/libxl_create.c
>> +++ b/tools/libxl/libxl_create.c
>> @@ -288,6 +288,7 @@ int libxl__domain_build_info_setdefault(libxl__gc
>> *gc,
>> libxl_defbool_setdefault(&b_info->u.hvm.spice.disable_ticketing,
>> false);
>> libxl_defbool_setdefault(&b_info->u.hvm.spice.agent_mouse, true);
>> + libxl_defbool_setdefault(&b_info->u.hvm.spice.vdagent, false);
>> }
>> libxl_defbool_setdefault(&b_info->u.hvm.nographic, false);
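Review bot: the two adjacent defaults pull in different directions: agent_mouse defaults to true while the new vdagent defaults to false, yet the commit message lists client mouse mode as a vdagent feature. Please document what agent_mouse=true means when no agent channel is created, or make the two settings consistent with each other.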
>> diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c
>> index d10a58f..bc605e4 100644
>> --- a/tools/libxl/libxl_dm.c
>> +++ b/tools/libxl/libxl_dm.c
>> @@ -465,6 +465,12 @@ static char **
>> libxl__build_device_model_args_new(libxl__gc *gc,
>> flexarray_append(dm_args, "-spice");
>> flexarray_append(dm_args, spiceoptions);
>> + if (libxl_defbool_val(b_info->u.hvm.spice.vdagent)) {
>> + flexarray_vappend(dm_args, "-device", "virtio-serial",
>> + "-chardev", "spicevmc,id=vdagent,name=vdagent",
>> "-device",
>> + "virtserialport,chardev=vdagent,name=com.redhat.spice.0",
>> + NULL);
>> + }
>> }
>> switch (b_info->u.hvm.vga.kind) {
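Review bot: setting vdagent wires up the whole agent channel in one step (virtio-serial, the spicevmc chardev and the com.redhat.spice.0 port), so the copy and paste feature named in the commit message comes along with no separate switch. Given the open question in this thread about clipboard exposure, consider a way to enable the agent without clipboard sharing, or at least a comment here stating that it is included. Style: the flexarray_vappend call separates the second "-device" from its value; one option/value pair per line would be easier to check.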
>> diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl
>> index ecf1f0b..14425d1 100644
>> --- a/tools/libxl/libxl_types.idl
>> +++ b/tools/libxl/libxl_types.idl
>> @@ -172,6 +172,7 @@ libxl_spice_info = Struct("spice_info", [
>> ("disable_ticketing", libxl_defbool),
>> ("passwd", string),
>> ("agent_mouse", libxl_defbool),
>> + ("vdagent", libxl_defbool),
>> ])
>> libxl_sdl_info = Struct("sdl_info", [
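Review bot: this adds a vdagent field to the public spice_info struct, but the diffstat lists no header change that would let library users detect the new field at compile time. If the API offers feature-test macros for additions like this, add one for vdagent in the same patch.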
>> diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c
>> index c1a969b..44a632c 100644
>> --- a/tools/libxl/xl_cmdimpl.c
>> +++ b/tools/libxl/xl_cmdimpl.c
>> @@ -1491,6 +1491,8 @@ skip_vfb:
>> &b_info->u.hvm.spice.passwd, 0);
>> xlu_cfg_get_defbool(config, "spiceagent_mouse",
>> &b_info->u.hvm.spice.agent_mouse, 0);
>> + xlu_cfg_get_defbool(config, "spicevdagent",
>> + &b_info->u.hvm.spice.vdagent, 0);
>> xlu_cfg_get_defbool(config, "nographic",
>> &b_info->u.hvm.nographic, 0);
>> xlu_cfg_get_defbool(config, "gfx_passthru",
>> &b_info->u.hvm.gfx_passthru, 0);
>
> I haven't seen any more replies about that patch.
>
> Ian's complete question was:
>> What are the security implications ?
>
> I don't know the details about security implications but I think risks
> are minimal. vdagent is disabled by default, therefore you must enable
> it if you want to use it, and you need the spice client, and vdagent
> must be installed on the domU OS. Furthermore, spice can be protected
> with a password and/or SSL.
>
>>
>> In particular, does it mean that when the user has a spice client
>> connected to a guest, the guest can spy on the user's clipboard all
>> the time ?
>
> I don't know, do you think we should ask qemu or spice experts for
> details about the security implications? (added qemu-devel and
> spice-devel on cc)
Ping...