forked from pool/libvirt
9462ef6485
- util: improvements in error handling
09877303-virSocketAddrParseInternal.patch,
412afdb8-intro-virSocketAddrParseAny.patch
bsc#1080957
- Update to libvirt 4.2.0
- Many incremental improvements and bug fixes, see
http://libvirt.org/news.html
- Dropped patches:
6b3d716e-keycodemap-py3.patch,
33c6eb96-fix-libvirtd-reload-deadlock.patch,
464889ff-rpc-aquire-ref-dispatch.patch,
c6f1d519-rpc-simplify-dispatch.patch,
06e7ebb6-rpc-invoke-dispatch-unlocked.patch,
86cae503-rpc-fix-pre-exec.patch,
eefabb38-rpc-virtlockd-virtlogd-single-thread.patch,
fbf31e1a-CVE-2018-1064.patch,
fb327ac2-virtlockd-admin-socket.patch,
64370c4b-libxl-MigrateBegin.patch,
99486799-libxl-MigrateConfirm.patch,
f5eacf2a-libxl-MigratePerform.patch,
4e6fcdb6-libxl-libxlDomObjFromDomain-cleanup.patch,
fe51dbda-libxl-use-FindByRef.patch,
60b3fcd9-libxl-MigratePrepare.patch,
3c89868c-libxl-lock-after-ListRemove.patch,
13e81fc6-libxl-EndJob-on-error.patch,
594b8b99-libxl-DefineXMLFlags-API-pattern.patch,
c66e344e-libxl-dont-deref-NULL.patch,
83edaf44-libxl-dont-hardcode-sched-weight.patch,
apibuild-py3.patch
OBS-URL: https://build.opensuse.org/request/show/593871
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=683
47 lines
1.7 KiB
Diff
47 lines
1.7 KiB
Diff
Disable TLS by default
|
|
|
|
On SUSE distros, the default is for libvirtd to listen only on the
|
|
Unix Domain Socket. The libvirt client still provides remote access
|
|
via a SSH tunnel.
|
|
Index: libvirt-4.2.0/src/remote/libvirtd.conf
|
|
===================================================================
|
|
--- libvirt-4.2.0.orig/src/remote/libvirtd.conf
|
|
+++ libvirt-4.2.0/src/remote/libvirtd.conf
|
|
@@ -18,8 +18,8 @@
|
|
# It is necessary to setup a CA and issue server certificates before
|
|
# using this capability.
|
|
#
|
|
-# This is enabled by default, uncomment this to disable it
|
|
-#listen_tls = 0
|
|
+# This is disabled by default, uncomment this to enable it
|
|
+#listen_tls = 1
|
|
|
|
# Listen for unencrypted TCP connections on the public TCP/IP port.
|
|
# NB, must pass the --listen flag to the libvirtd process for this to
|
|
Index: libvirt-4.2.0/src/remote/remote_daemon_config.c
|
|
===================================================================
|
|
--- libvirt-4.2.0.orig/src/remote/remote_daemon_config.c
|
|
+++ libvirt-4.2.0/src/remote/remote_daemon_config.c
|
|
@@ -110,7 +110,7 @@ daemonConfigNew(bool privileged ATTRIBUT
|
|
if (VIR_ALLOC(data) < 0)
|
|
return NULL;
|
|
|
|
- data->listen_tls = 1;
|
|
+ data->listen_tls = 0;
|
|
data->listen_tcp = 0;
|
|
|
|
if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 ||
|
|
Index: libvirt-4.2.0/src/remote/test_libvirtd.aug.in
|
|
===================================================================
|
|
--- libvirt-4.2.0.orig/src/remote/test_libvirtd.aug.in
|
|
+++ libvirt-4.2.0/src/remote/test_libvirtd.aug.in
|
|
@@ -2,7 +2,7 @@ module Test_libvirtd =
|
|
::CONFIG::
|
|
|
|
test Libvirtd.lns get conf =
|
|
- { "listen_tls" = "0" }
|
|
+ { "listen_tls" = "1" }
|
|
{ "listen_tcp" = "1" }
|
|
{ "tls_port" = "16514" }
|
|
{ "tcp_port" = "16509" }
|