Import the Xend portion of xen-unstable changeset 11704:a95dfbc8dca8ecddcb9be51d78f44...

[HVM/vncserver] Implement a 'vnclisten' option to limit the interface
that the VNC server from qemu listens on.

Defaults to only listen on 127.0.0.1

The old behaviour (listen on all interfaces) can be restored, by
- changing the system-wide default in /etc/xen/xend-config.sxp by adding:
(vnc-listen '0.0.0.0')
- changing individual domain config files by adding:
vnclisten="0.0.0.0"

Also allows specifying the hostname associated with an interface to limit
to that interface.

Signed-off-by:  Daniel P. Berrange <berrange@redhat.com>

diff --git a/tools/python/xen/xend/XendRoot.py b/tools/python/xen/xend/XendRoot.py
index 927e5ed5373e564f4f66c55a760f35c3cda39847..3906cac6c7ec0438baf61c5cf7703fe51770fdd3 100644 (file)
--- a/tools/python/xen/xend/XendRoot.py
+++ b/tools/python/xen/xend/XendRoot.py
@@ -93,6 +93,9 @@ class XendRoot:
 
     dom0_vcpus_default = '0'
 
+    """Default interface to listen for VNC connections on"""
+    xend_vnc_listen_default = '127.0.0.1'
+
     """Default session storage path."""
     xend_domains_path_default = '/var/lib/xend/domains'
 
@@ -281,6 +284,9 @@ class XendRoot:
     def get_console_limit(self):
         return self.get_config_int('console-limit', 1024)
 
+    def get_vnclisten_address(self):
+        return self.get_config_value('vnc-listen', self.xend_vnc_listen_default)
+
 def instance():
     """Get an instance of XendRoot.
     Use this instead of the constructor.

diff --git a/tools/python/xen/xend/image.py b/tools/python/xen/xend/image.py
index d31467311ab0fa606d4844700cc366a5fc3bba85..ee131d9841f2fdb61d3e25f0f19bf005395b16a3 100644 (file)
--- a/tools/python/xen/xend/image.py
+++ b/tools/python/xen/xend/image.py
@@ -366,6 +366,11 @@ class HVMImageHandler(ImageHandler):
             else:
                 ret += ['-vnc', '%d' % vncdisplay]
             ret += ['-k', 'en-us']
+            vnclisten = sxp.child_value(config, 'vnclisten')
+            if not(vnclisten):
+                vnclisten = xen.xend.XendRoot.instance().get_vnclisten_address()
+            if vnclisten:
+                ret += ['-vnclisten', vnclisten]
         return ret
 
     def createDeviceModel(self):

diff --git a/tools/python/xen/xm/create.py b/tools/python/xen/xm/create.py
index aab0d930ecee9e163c0f64b2a7351345e6bea659..933ef84f5ca72005052eb71db5437b57019b217d 100644 (file)
--- a/tools/python/xen/xm/create.py
+++ b/tools/python/xen/xm/create.py
@@ -419,6 +419,10 @@ gopts.var('vncdisplay', val='',
           fn=set_value, default=None,
           use="""VNC display to use""")
 
+gopts.var('vnclisten', val='',
+          fn=set_value, default=None,
+          use="""Address for VNC server to listen on.""")
+
 gopts.var('vncunused', val='',
           fn=set_bool, default=1,
           use="""Try to find an unused port for the VNC server.
@@ -650,8 +654,9 @@ def configure_hvm(config_image, vals):
     """
     args = [ 'device_model', 'pae', 'vcpus', 'boot', 'fda', 'fdb',
              'localtime', 'serial', 'stdvga', 'isa', 'nographic', 'soundhw',
-             'vnc', 'vncdisplay', 'vncunused', 'vncconsole', 'sdl', 'display',
-             'acpi', 'apic', 'xauthority', 'usb', 'usbdevice' ]
+             'vnc', 'vncdisplay', 'vncunused', 'vncconsole', 'vnclisten',
+             'sdl', 'display', 'xauthority',
+             'acpi', 'apic', 'usb', 'usbdevice' ]
     for a in args:
         if (vals.__dict__[a]):
             config_image.append([a, vals.__dict__[a]])