libvirt/suse-libvirtd-disable-tls.patch
James Fehlig 9462ef6485 Accepting request 593871 from home:jfehlig:branches:Virtualization
- util: improvements in error handling
  09877303-virSocketAddrParseInternal.patch,
  412afdb8-intro-virSocketAddrParseAny.patch
  bsc#1080957

- Update to libvirt 4.2.0
  - Many incremental improvements and bug fixes, see
    http://libvirt.org/news.html
  - Dropped patches:
    6b3d716e-keycodemap-py3.patch,
    33c6eb96-fix-libvirtd-reload-deadlock.patch,
    464889ff-rpc-aquire-ref-dispatch.patch,
    c6f1d519-rpc-simplify-dispatch.patch,
    06e7ebb6-rpc-invoke-dispatch-unlocked.patch,
    86cae503-rpc-fix-pre-exec.patch,
    eefabb38-rpc-virtlockd-virtlogd-single-thread.patch,
    fbf31e1a-CVE-2018-1064.patch,
    fb327ac2-virtlockd-admin-socket.patch,
    64370c4b-libxl-MigrateBegin.patch,
    99486799-libxl-MigrateConfirm.patch,
    f5eacf2a-libxl-MigratePerform.patch,
    4e6fcdb6-libxl-libxlDomObjFromDomain-cleanup.patch,
    fe51dbda-libxl-use-FindByRef.patch,
    60b3fcd9-libxl-MigratePrepare.patch,
    3c89868c-libxl-lock-after-ListRemove.patch,
    13e81fc6-libxl-EndJob-on-error.patch,
    594b8b99-libxl-DefineXMLFlags-API-pattern.patch,
    c66e344e-libxl-dont-deref-NULL.patch,
    83edaf44-libxl-dont-hardcode-sched-weight.patch,
    apibuild-py3.patch

OBS-URL: https://build.opensuse.org/request/show/593871
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=683
2018-04-05 21:47:55 +00:00


Disable TLS by default
On SUSE distros, the default is for libvirtd to listen only on the
Unix Domain Socket. The libvirt client still provides remote access
via a SSH tunnel.
Index: libvirt-4.2.0/src/remote/libvirtd.conf
===================================================================
--- libvirt-4.2.0.orig/src/remote/libvirtd.conf
+++ libvirt-4.2.0/src/remote/libvirtd.conf
@@ -18,8 +18,8 @@
# It is necessary to setup a CA and issue server certificates before
# using this capability.
#
-# This is enabled by default, uncomment this to disable it
-#listen_tls = 0
+# This is disabled by default, uncomment this to enable it
+#listen_tls = 1
# Listen for unencrypted TCP connections on the public TCP/IP port.
# NB, must pass the --listen flag to the libvirtd process for this to
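Review bot: the new comment above `#listen_tls = 1` does not say that this default is a SUSE-specific choice, so an administrator comparing the file against other libvirt documentation gets no hint why the behaviour differs. Consider wording such as "This is disabled by default on SUSE distros, uncomment this to enable it". The unchanged lines above already state that a CA and server certificates are needed before using this capability; keeping that text directly next to the enable switch is right, since uncommenting the line is now the step that turns TLS on.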
Index: libvirt-4.2.0/src/remote/remote_daemon_config.c
===================================================================
--- libvirt-4.2.0.orig/src/remote/remote_daemon_config.c
+++ libvirt-4.2.0/src/remote/remote_daemon_config.c
@@ -110,7 +110,7 @@ daemonConfigNew(bool privileged ATTRIBUT
if (VIR_ALLOC(data) < 0)
return NULL;
- data->listen_tls = 1;
+ data->listen_tls = 0;
data->listen_tcp = 0;
if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 ||
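Review bot: `data->listen_tls = 0;` changes the compiled-in default with no comment marking it as a downstream choice, and together with `data->listen_tcp = 0;` on the next line it means neither network listener is on unless libvirtd.conf sets one. A one-line comment above the assignment giving the rationale from the patch header (Unix domain socket only, remote access through an SSH tunnel) would make the intent clear to whoever rebases this patch onto the next release. It is also worth confirming that nothing else documents the old default, since the patch as shown only touches libvirtd.conf, remote_daemon_config.c and test_libvirtd.aug.in.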
Index: libvirt-4.2.0/src/remote/test_libvirtd.aug.in
===================================================================
--- libvirt-4.2.0.orig/src/remote/test_libvirtd.aug.in
+++ libvirt-4.2.0/src/remote/test_libvirtd.aug.in
@@ -2,7 +2,7 @@ module Test_libvirtd =
::CONFIG::
test Libvirtd.lns get conf =
- { "listen_tls" = "0" }
+ { "listen_tls" = "1" }
{ "listen_tcp" = "1" }
{ "tls_port" = "16514" }
{ "tcp_port" = "16509" }
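Review bot: the expected entry `{ "listen_tls" = "1" }` only mirrors the example value now shown in libvirtd.conf (`#listen_tls = 1`), so this test confirms that the lens parses the setting, not that the daemon's built-in default is 0. If the goal of the patch is a more restrictive default, a check against the value set in daemonConfigNew would catch a rebase that silently restores `data->listen_tls = 1;`.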