From: Aline Manera <alinefm(a)linux.vnet.ibm.com>
When the listener IP is set to 0.0.0.0, anyone can connect to the freshly
configured kimchi virtual machine manager box on port 5900, 5901, etc. and take
over any virtual machine, since kimchi configures VNC by default
to listen on all IPs.
As the websockets proxy connects to QEMU-VNC from 127.0.0.1, also set the VNC
listener IP to 127.0.0.1.
Signed-off-by: Aline Manera <alinefm(a)linux.vnet.ibm.com>
---
src/kimchi/mockmodel.py | 2 +-
src/kimchi/osinfo.py | 2 +-
tests/test_mockmodel.py | 2 +-
tests/test_model.py | 2 +-
tests/test_rest.py | 6 +++---
tests/test_vmtemplate.py | 8 ++++----
6 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/kimchi/mockmodel.py b/src/kimchi/mockmodel.py
index 1584471..ed275d5 100644
--- a/src/kimchi/mockmodel.py
+++ b/src/kimchi/mockmodel.py
@@ -1064,7 +1064,7 @@ def __init__(self, uuid, name, template_info):
'memory': self.memory,
'cpus': self.cpus,
'icon': None,
- 'graphics': {'type': 'vnc',
'listen': '0.0.0.0',
+ 'graphics': {'type': 'vnc',
'listen': '127.0.0.1',
'port': None},
'users': ['user1', 'user2',
'root'],
'groups': ['group1', 'group2',
'admin'],
diff --git a/src/kimchi/osinfo.py b/src/kimchi/osinfo.py
index 39c9163..d2a1c1d 100644
--- a/src/kimchi/osinfo.py
+++ b/src/kimchi/osinfo.py
@@ -94,7 +94,7 @@
defaults = {'networks': ['default'],
'storagepool': '/storagepools/default',
'domain': 'kvm', 'arch': os.uname()[4],
- 'graphics': {'type': 'vnc', 'listen':
'0.0.0.0'}}
+ 'graphics': {'type': 'vnc', 'listen':
'127.0.0.1'}}
def _get_arch():
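Review bot: The new `'listen': '127.0.0.1'` in `defaults` only covers graphics settings that fall back to this dict, so templates and guests already stored with `0.0.0.0` presumably keep their console reachable on every interface after an upgrade. Nothing in this patch migrates or flags them, which is worth a follow-up or at least a release note. The tests in this series also show a caller-supplied `graphics` dict being stored as given, so an explicit non-loopback `listen` still appears to be accepted; if that is intended, it should be a documented opt-in. A comment above the dict would record the reason for the value, for example `# console listens on loopback only; remote access goes through the websockets proxy`.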
diff --git a/tests/test_mockmodel.py b/tests/test_mockmodel.py
index 223879c..97b5fdb 100644
--- a/tests/test_mockmodel.py
+++ b/tests/test_mockmodel.py
@@ -154,7 +154,7 @@ def test_vm_info(self):
self.assertEquals('images/icon-vm.png', info['icon'])
self.assertEquals(stats_keys, set(info['stats'].keys()))
self.assertEquals('vnc', info['graphics']['type'])
- self.assertEquals('0.0.0.0', info['graphics']['listen'])
+ self.assertEquals('127.0.0.1',
info['graphics']['listen'])
def test_packages_update(self):
pkgs = model.packagesupdate_get_list()
diff --git a/tests/test_model.py b/tests/test_model.py
index da9dae5..cab8288 100644
--- a/tests/test_model.py
+++ b/tests/test_model.py
@@ -118,7 +118,7 @@ def test_vm_graphics(self):
info = inst.vm_lookup('kimchi-vnc')
self.assertEquals('vnc', info['graphics']['type'])
- self.assertEquals('0.0.0.0',
info['graphics']['listen'])
+ self.assertEquals('127.0.0.1',
info['graphics']['listen'])
graphics = {'type': 'spice', 'listen':
'127.0.0.1'}
params = {'name': 'kimchi-spice', 'template':
'/templates/test',
diff --git a/tests/test_rest.py b/tests/test_rest.py
index 3ea1927..4feb298 100644
--- a/tests/test_rest.py
+++ b/tests/test_rest.py
@@ -370,7 +370,7 @@ def test_vm_graphics(self):
self.assertEquals(201, resp.status)
# Verify the VM
vm = json.loads(self.request('/vms/test-vm').read())
- self.assertEquals('0.0.0.0', vm['graphics']['listen'])
+ self.assertEquals('127.0.0.1', vm['graphics']['listen'])
self.assertEquals('vnc', vm['graphics']['type'])
# Delete the VM
resp = self.request('/vms/test-vm', '{}', 'DELETE')
@@ -412,7 +412,7 @@ def test_vm_graphics(self):
self.assertEquals(201, resp.status)
# Verify the VM
vm = json.loads(self.request('/vms/test-vm').read())
- self.assertEquals('0.0.0.0', vm['graphics']['listen'])
+ self.assertEquals('127.0.0.1', vm['graphics']['listen'])
self.assertEquals('spice', vm['graphics']['type'])
# Delete the VM
resp = self.request('/vms/test-vm', '{}', 'DELETE')
@@ -1132,7 +1132,7 @@ def verify_template(t, res):
# Update the template
t['os_distro'] = 'Linux.ISO'
t['os_version'] = '1.1'
- t['graphics'] = {'type': 'vnc', 'listen':
'0.0.0.0'}
+ t['graphics'] = {'type': 'vnc', 'listen':
'127.0.0.1'}
req = json.dumps(t)
resp = self.request('/templates/%s' % t['name'], req,
'PUT')
self.assertEquals(200, resp.status)
diff --git a/tests/test_vmtemplate.py b/tests/test_vmtemplate.py
index 821ca24..acf0150 100644
--- a/tests/test_vmtemplate.py
+++ b/tests/test_vmtemplate.py
@@ -31,7 +31,7 @@ def test_minimal_construct(self):
('os_version', 'unknown'), ('cpus', 1),
('memory', 1024), ('cdrom', ''),
('networks', ['default']),
('disk_bus', 'ide'), ('nic_model',
'e1000'),
- ('graphics', {'type': 'vnc', 'listen':
'0.0.0.0'}))
+ ('graphics', {'type': 'vnc', 'listen':
'127.0.0.1'}))
args = {'name': 'test'}
t = VMTemplate(args)
@@ -55,7 +55,7 @@ def test_specified_graphics(self):
self.assertEquals(graphics, t.info['graphics'])
# Test specified type
- graphics = {'type': 'spice', 'listen':
'0.0.0.0'}
+ graphics = {'type': 'spice', 'listen':
'127.0.0.1'}
args['graphics'] = graphics
t = VMTemplate(args)
self.assertEquals(graphics, t.info['graphics'])
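Review bot: With the explicit value changed to `'127.0.0.1'`, the "specified type" case in `test_specified_graphics` now passes a `listen` equal to the new default, so `assertEquals(graphics, t.info['graphics'])` can no longer tell an honoured `listen` from one that was dropped and re-defaulted. The same applies to the `graphics` dict in `test_to_xml` in the next hunk. Using a value that differs from the default keeps the override path covered, for example `graphics = {'type': 'spice', 'listen': '127.0.0.2'}` (constructed example). If non-loopback addresses are meant to be refused from now on, a test pinning that rejection would be the better replacement. The test method starts above this hunk.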
@@ -65,10 +65,10 @@ def test_specified_graphics(self):
args['graphics'] = graphics
t = VMTemplate(args)
self.assertEquals(graphics['type'],
t.info['graphics']['type'])
- self.assertEquals('0.0.0.0',
t.info['graphics']['listen'])
+ self.assertEquals('127.0.0.1',
t.info['graphics']['listen'])
def test_to_xml(self):
- graphics = {'type': 'spice', 'listen':
'0.0.0.0'}
+ graphics = {'type': 'spice', 'listen':
'127.0.0.1'}
vm_uuid = str(uuid.uuid4()).replace('-', '')
t = VMTemplate({'name': 'test-template'})
xml = t.to_vm_xml('test-vm', vm_uuid, graphics=graphics)
--
1.9.3