[Kimchi-devel] [PATCH] issue #389: Use 127.0.0.1 as VNC listener IP
Royce Lv
lvroyce at linux.vnet.ibm.com
Mon Jul 28 09:24:00 UTC 2014
Reviewed-by: Royce Lv<lvroyce at linux.vnet.ibm.com>
On 2014年07月26日 04:02, alinefm at linux.vnet.ibm.com wrote:
> From: Aline Manera <alinefm at linux.vnet.ibm.com>
>
> When setting the listener IP to 0.0.0.0 anyone can connect to the freshly
> configured kimchi virtual machine manager box on port 5900, 5901, etc. and take
> over any virtual machine, since VNC is per default configured by kimchi
> to listen on all IPs.
> As websockets proxy connects to QEMU-VNC from 127.0.0.1 also set VNC
> listener IP to 127.0.0.1
>
> Signed-off-by: Aline Manera <alinefm at linux.vnet.ibm.com>
> ---
> src/kimchi/mockmodel.py | 2 +-
> src/kimchi/osinfo.py | 2 +-
> tests/test_mockmodel.py | 2 +-
> tests/test_model.py | 2 +-
> tests/test_rest.py | 6 +++---
> tests/test_vmtemplate.py | 8 ++++----
> 6 files changed, 11 insertions(+), 11 deletions(-)
>
> diff --git a/src/kimchi/mockmodel.py b/src/kimchi/mockmodel.py
> index 1584471..ed275d5 100644
> --- a/src/kimchi/mockmodel.py
> +++ b/src/kimchi/mockmodel.py
> @@ -1064,7 +1064,7 @@ def __init__(self, uuid, name, template_info):
> 'memory': self.memory,
> 'cpus': self.cpus,
> 'icon': None,
> - 'graphics': {'type': 'vnc', 'listen': '0.0.0.0',
> + 'graphics': {'type': 'vnc', 'listen': '127.0.0.1',
> 'port': None},
> 'users': ['user1', 'user2', 'root'],
> 'groups': ['group1', 'group2', 'admin'],
> diff --git a/src/kimchi/osinfo.py b/src/kimchi/osinfo.py
> index 39c9163..d2a1c1d 100644
> --- a/src/kimchi/osinfo.py
> +++ b/src/kimchi/osinfo.py
> @@ -94,7 +94,7 @@
> defaults = {'networks': ['default'],
> 'storagepool': '/storagepools/default',
> 'domain': 'kvm', 'arch': os.uname()[4],
> - 'graphics': {'type': 'vnc', 'listen': '0.0.0.0'}}
> + 'graphics': {'type': 'vnc', 'listen': '127.0.0.1'}}
>
>
> def _get_arch():
> diff --git a/tests/test_mockmodel.py b/tests/test_mockmodel.py
> index 223879c..97b5fdb 100644
> --- a/tests/test_mockmodel.py
> +++ b/tests/test_mockmodel.py
> @@ -154,7 +154,7 @@ def test_vm_info(self):
> self.assertEquals('images/icon-vm.png', info['icon'])
> self.assertEquals(stats_keys, set(info['stats'].keys()))
> self.assertEquals('vnc', info['graphics']['type'])
> - self.assertEquals('0.0.0.0', info['graphics']['listen'])
> + self.assertEquals('127.0.0.1', info['graphics']['listen'])
>
> def test_packages_update(self):
> pkgs = model.packagesupdate_get_list()
> diff --git a/tests/test_model.py b/tests/test_model.py
> index da9dae5..cab8288 100644
> --- a/tests/test_model.py
> +++ b/tests/test_model.py
> @@ -118,7 +118,7 @@ def test_vm_graphics(self):
>
> info = inst.vm_lookup('kimchi-vnc')
> self.assertEquals('vnc', info['graphics']['type'])
> - self.assertEquals('0.0.0.0', info['graphics']['listen'])
> + self.assertEquals('127.0.0.1', info['graphics']['listen'])
>
> graphics = {'type': 'spice', 'listen': '127.0.0.1'}
> params = {'name': 'kimchi-spice', 'template': '/templates/test',
> diff --git a/tests/test_rest.py b/tests/test_rest.py
> index 3ea1927..4feb298 100644
> --- a/tests/test_rest.py
> +++ b/tests/test_rest.py
> @@ -370,7 +370,7 @@ def test_vm_graphics(self):
> self.assertEquals(201, resp.status)
> # Verify the VM
> vm = json.loads(self.request('/vms/test-vm').read())
> - self.assertEquals('0.0.0.0', vm['graphics']['listen'])
> + self.assertEquals('127.0.0.1', vm['graphics']['listen'])
> self.assertEquals('vnc', vm['graphics']['type'])
> # Delete the VM
> resp = self.request('/vms/test-vm', '{}', 'DELETE')
> @@ -412,7 +412,7 @@ def test_vm_graphics(self):
> self.assertEquals(201, resp.status)
> # Verify the VM
> vm = json.loads(self.request('/vms/test-vm').read())
> - self.assertEquals('0.0.0.0', vm['graphics']['listen'])
> + self.assertEquals('127.0.0.1', vm['graphics']['listen'])
> self.assertEquals('spice', vm['graphics']['type'])
> # Delete the VM
> resp = self.request('/vms/test-vm', '{}', 'DELETE')
> @@ -1132,7 +1132,7 @@ def verify_template(t, res):
> # Update the template
> t['os_distro'] = 'Linux.ISO'
> t['os_version'] = '1.1'
> - t['graphics'] = {'type': 'vnc', 'listen': '0.0.0.0'}
> + t['graphics'] = {'type': 'vnc', 'listen': '127.0.0.1'}
> req = json.dumps(t)
> resp = self.request('/templates/%s' % t['name'], req, 'PUT')
> self.assertEquals(200, resp.status)
> diff --git a/tests/test_vmtemplate.py b/tests/test_vmtemplate.py
> index 821ca24..acf0150 100644
> --- a/tests/test_vmtemplate.py
> +++ b/tests/test_vmtemplate.py
> @@ -31,7 +31,7 @@ def test_minimal_construct(self):
> ('os_version', 'unknown'), ('cpus', 1),
> ('memory', 1024), ('cdrom', ''), ('networks', ['default']),
> ('disk_bus', 'ide'), ('nic_model', 'e1000'),
> - ('graphics', {'type': 'vnc', 'listen': '0.0.0.0'}))
> + ('graphics', {'type': 'vnc', 'listen': '127.0.0.1'}))
>
> args = {'name': 'test'}
> t = VMTemplate(args)
> @@ -55,7 +55,7 @@ def test_specified_graphics(self):
> self.assertEquals(graphics, t.info['graphics'])
>
> # Test specified type
> - graphics = {'type': 'spice', 'listen': '0.0.0.0'}
> + graphics = {'type': 'spice', 'listen': '127.0.0.1'}
> args['graphics'] = graphics
> t = VMTemplate(args)
> self.assertEquals(graphics, t.info['graphics'])
> @@ -65,10 +65,10 @@ def test_specified_graphics(self):
> args['graphics'] = graphics
> t = VMTemplate(args)
> self.assertEquals(graphics['type'], t.info['graphics']['type'])
> - self.assertEquals('0.0.0.0', t.info['graphics']['listen'])
> + self.assertEquals('127.0.0.1', t.info['graphics']['listen'])
>
> def test_to_xml(self):
> - graphics = {'type': 'spice', 'listen': '0.0.0.0'}
> + graphics = {'type': 'spice', 'listen': '127.0.0.1'}
> vm_uuid = str(uuid.uuid4()).replace('-', '')
> t = VMTemplate({'name': 'test-template'})
> xml = t.to_vm_xml('test-vm', vm_uuid, graphics=graphics)
More information about the Kimchi-devel
mailing list