[PATCH] add a PTY console; & use a UNIX domain socket for better security

Kashyap Chamarthy kchamart at redhat.com
Tue Feb 19 18:58:51 UTC 2013


A couple of small additions:
    - Add a PTY serial console, so that "virsh console foo" works out of the box
      (once the guest is installed).
    - Use a UNIX domain socket server (for better security) as a character
      device instead of a TCP port.

Thanks to Dan Berrange for suggesting the use of a UNIX domain socket.
---
 oz/Guest.py |   20 +++++++++-----------
 1 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/oz/Guest.py b/oz/Guest.py
index 1cd106e8abc5fcb3ff155c0d11f93bf20c58ac3a..2725f672e42a8f547040c2b52b3e78262e58c105 100644
--- a/oz/Guest.py
+++ b/oz/Guest.py
@@ -419,20 +419,18 @@ class Guest(object):
         elif self.mousetype == "usb":
             inputdev.setProp("type", "tablet")
             inputdev.setProp("bus", "usb")
-        # console
-        console = devices.newChild(None, "console", None)
-        console.setProp("type", "pty")
-        consoleTarget = console.newChild(None, "target", None)
-        consoleTarget.setProp("port", "0")
-        # serial
+        # Serial console pseudo TTY
         serial = devices.newChild(None, "serial", None)
-        serial.setProp("type", "tcp")
+        serial.setProp("type", "pty")
+        serialTarget = serial.newChild(None, "target", None)
+        serialTarget.setProp("port", "0")
+        # Use a UNIX domain socket as character device
+        serial = devices.newChild(None, "serial", None)
+        serial.setProp("type", "unix")
         serialSource = serial.newChild(None, "source", None)
         serialSource.setProp("mode", "bind")
-        serialSource.setProp("host", "127.0.0.1")
-        serialSource.setProp("service", str(self.listen_port))
-        serialProtocol = serial.newChild(None, "protocol", None)
-        serialProtocol.setProp("type", "raw")
+        sockname = tempfile.mktemp(prefix="/var/tmp/oz-")
+        serialSource.setProp("path", sockname)
         serialTarget = serial.newChild(None, "target", None)
         serialTarget.setProp("port", "1")
         # boot disk
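Review bot: `tempfile.mktemp(prefix="/var/tmp/oz-")` only returns a name and creates nothing, so the socket path is a guessable name in a world-writable directory that another local account can create before the hypervisor binds to it, which works against the security goal stated in the commit message. Python documents mktemp() as deprecated for this reason. Consider creating a private directory first and placing the socket inside it, e.g. `sockdir = tempfile.mkdtemp(prefix="oz-", dir="/var/tmp")` followed by `sockname = os.path.join(sockdir, "serial.sock")` (file name is an example). The directory would need to be accessible to whichever account binds the socket (presumably the hypervisor's user, not visible here) and removed during guest cleanup. The enclosing method of `Guest` starts and ends outside the hunk and no `import tempfile` (or `os`) is shown, so that import and any code still connecting to `self.listen_port` over TCP should be checked.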
-- 
1.7.7.6


