rpm/libvirt
SHA256
1
0
Fork 0
forked from pool/libvirt
Code Pull Requests Activity
6a7adc1de1
libvirt/suse-libvirtd-disable-tls.patch
James Fehlig b495b9f65b Accepting request 831542 from home:jfehlig:branches:Virtualization 
- spec: Enable the same hypervisor drivers for openSUSE and SLE
  jsc#SLE-11772
- spec: Enable the same storage drivers for openSUSE and SLE
  jsc#SLE-11877

- qemu: Reprobe capabilities if the qemu modules directory changes
  2ad009ea-qemu-check-modules-dir.patch
  boo#1175320

- Update to libvirt 6.7.0
  - jsc#SLE-14253, jsc#SLE-15159
  - CVE-2020-14339
  - Many incremental improvements and bug fixes, see
    https://libvirt.org/news.html
  - Dropped patches:
    2edd63a0-fix-virFileSetCOW-logic.patch,
    82bb167f-dont-cache-devmapper-major.patch,
    feb8564a-handle-no-devmapper.patch,
    53d9af1e-ignore-devmapper-open-errors.patch,
    support-managed-pci-xen-driver.patch,
    disable-multipath-pr-tests.patch

OBS-URL: https://build.opensuse.org/request/show/831542
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=840
2020-09-02 22:47:08 +00:00

34 lines
1.4 KiB
Diff
Raw Blame History

Disable TLS by default
On SUSE distros, the default is for libvirtd to listen only on the
Unix Domain Socket. The libvirt client still provides remote access
via a SSH tunnel.
Index: libvirt-6.7.0/src/remote/remote_daemon_config.c
===================================================================
--- libvirt-6.7.0.orig/src/remote/remote_daemon_config.c
+++ libvirt-6.7.0/src/remote/remote_daemon_config.c
@@ -99,7 +99,7 @@ daemonConfigNew(bool privileged G_GNUC_U
#ifdef WITH_IP
# ifdef LIBVIRTD
- data->listen_tls = true; /* Only honoured if --listen is set */
+ data->listen_tls = false; /* Only honoured if --listen is set */
# else /* ! LIBVIRTD */
data->listen_tls = false; /* Always honoured, --listen doesn't exist. */
# endif /* ! LIBVIRTD */
Index: libvirt-6.7.0/src/remote/libvirtd.conf.in
===================================================================
--- libvirt-6.7.0.orig/src/remote/libvirtd.conf.in
+++ libvirt-6.7.0/src/remote/libvirtd.conf.in
@@ -17,8 +17,8 @@
# It is necessary to setup a CA and issue server certificates before
# using this capability.
#
-# This is enabled by default, uncomment this to disable it
-#listen_tls = 0
+# This is disabled by default, uncomment this to enable it
+#listen_tls = 1
# Listen for unencrypted TCP connections on the public TCP/IP port.
# NB, must pass the --listen flag to the @DAEMON_NAME@ process for this to
View Git Blame Copy Permalink