conf: add support for VNC power control setting

The <graphics type="vnc" .... powerControl="yes"/> option instructs the VNC server to enable an extension that lets the client perform a graceful shutdown, reboot and hard reset. This is enabled by default since it cannot be assumed that the VNC client user has administrator rights over the guest OS. In the case where the VNC user is a guest administrator though, it is reasonable to allow direct power control host side too. Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-02-01 17:35:17 +00:00 · 2021-02-16 10:37:46 +00:00 · 2021-02-16 10:37:46 +00:00 · f84f04350b
commit f84f04350b
parent 4114fb2712
4 changed files with 26 additions and 0 deletions
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@ -5791,6 +5791,11 @@ interaction with the admin.
      ``autoport`` having no effect due to security reasons) :since:`Since
      1.0.6` .

+      For VNC, the ``powerControl`` attribute can be used to enable VM shutdown,
+      reboot and reset power control features for the VNC client. This is
+      appropriate if the authenticated VNC client user already has administrator
+      privileges in the guest :since:`Since 7.1.0`.
+
      Although VNC doesn't support OpenGL natively, it can be paired with
      graphics type ``egl-headless`` (see below) which will instruct QEMU to
      open and use drm nodes for OpenGL rendering.
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@ -3663,6 +3663,11 @@
                  </choice>
                </attribute>
              </optional>
+              <optional>
+                <attribute name="powerControl">
+                  <ref name="virYesNo"/>
+                </attribute>
+              </optional>
            </group>
            <group>
              <optional>
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@ -13149,6 +13149,7 @@ virDomainGraphicsDefParseXMLVNC(virDomainGraphicsDefPtr def,
    g_autofree char *websocketGenerated = virXMLPropString(node, "websocketGenerated");
    g_autofree char *sharePolicy = virXMLPropString(node, "sharePolicy");
    g_autofree char *autoport = virXMLPropString(node, "autoport");
+    g_autofree char *powerControl = virXMLPropString(node, "powerControl");

    if (virDomainGraphicsListensParseXML(def, node, ctxt, flags) < 0)
        return -1;
@ -13205,6 +13206,16 @@ virDomainGraphicsDefParseXMLVNC(virDomainGraphicsDefPtr def,
        }
    }

+    if (powerControl) {
+        int powerControlVal = virTristateBoolTypeFromString(powerControl);
+        if (powerControlVal < 0) {
+            virReportError(VIR_ERR_INTERNAL_ERROR,
+                           _("cannot parse vnc power control '%s'"), powerControl);
+            return -1;
+        }
+        def->data.vnc.powerControl = powerControlVal;
+    }
+
    def->data.vnc.keymap = virXMLPropString(node, "keymap");

    if (virDomainGraphicsAuthDefParseXML(node, &def->data.vnc.auth,
@ -27116,6 +27127,10 @@ virDomainGraphicsDefFormat(virBufferPtr buf,
                              virDomainGraphicsVNCSharePolicyTypeToString(
                              def->data.vnc.sharePolicy));

+        if (def->data.vnc.powerControl)
+            virBufferAsprintf(buf, " powerControl='%s'",
+                              virTristateBoolTypeToString(def->data.vnc.powerControl));
+
        virDomainGraphicsAuthDefFormatAttr(buf, &def->data.vnc.auth, flags);
        break;

--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@ -1712,6 +1712,7 @@ struct _virDomainGraphicsDef {
            char *keymap;
            virDomainGraphicsAuthDef auth;
            int sharePolicy;
+            virTristateBool powerControl;
        } vnc;
        struct {
            char *display;