2017-08-03 19:28:59 +02:00
Disable TLS by default
On SUSE distros, the default is for libvirtd to listen only on the
Unix Domain Socket. The libvirt client still provides remote access
via an SSH tunnel.
Index: libvirt-3.9.0/daemon/libvirtd.conf
===================================================================
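--- libvirt-3.9.0.orig/daemon/libvirtd.conf
+++ libvirt-3.9.0/daemon/libvirtd.conf
@@ -18,8 +18,8 @@
 # It is necessary to setup a CA and issue server certificates before
 # using this capability.
 #
-# This is enabled by default, uncomment this to disable it
-#listen_tls = 0
+# This is disabled by default, uncomment this to enable it
+#listen_tls = 1
 
 # Listen for unencrypted TCP connections on the public TCP/IP port.
 # NB, must pass the --listen flag to the libvirtd process for this to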
Index: libvirt-3.9.0/daemon/libvirtd-config.c
===================================================================
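--- libvirt-3.9.0.orig/daemon/libvirtd-config.c
+++ libvirt-3.9.0/daemon/libvirtd-config.c
@@ -110,7 +110,7 @@ daemonConfigNew(bool privileged ATTRIBUT
 if (VIR_ALLOC(data) < 0)
 return NULL;
 
- data->listen_tls = 1;
+ data->listen_tls = 0;
 data->listen_tcp = 0;
 
 if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 ||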
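Review bot: The new default `data->listen_tls = 0;` in daemonConfigNew has no comment recording that it deliberately departs from the value it replaces, and with `data->listen_tcp = 0;` on the next line both network listeners are now off unless libvirtd.conf sets one. An administrator who starts the daemon with --listen and an unchanged config will presumably get no remote socket, and the quickest way back is likely to be `listen_tcp`, which the libvirtd.conf section of this patch describes as unencrypted. I would add a comment above the assignment such as `/* Distro default: no TLS listener; remote access is expected over an SSH tunnel. Set listen_tls = 1 in libvirtd.conf to enable it. */` so the choice is documented where the default lives and is not silently reverted on a later rebase. daemonConfigNew begins and ends outside the hunk, so any later override of these fields is not visible here.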
Index: libvirt-3.9.0/daemon/test_libvirtd.aug.in
===================================================================
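--- libvirt-3.9.0.orig/daemon/test_libvirtd.aug.in
+++ libvirt-3.9.0/daemon/test_libvirtd.aug.in
@@ -2,7 +2,7 @@ module Test_libvirtd =
 ::CONFIG::
 
 test Libvirtd.lns get conf =
- { "listen_tls" = "0" }
+ { "listen_tls" = "1" }
 { "listen_tcp" = "1" }
 { "tls_port" = "16514" }
 { "tcp_port" = "16509" }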