Bug 1044021

Summary: RFE: Use virDomainOpenGraphics to give non-root access to vnc over unix socket
Product: [Community] Virtualization Tools Reporter: Cole Robinson <crobinso>
Component: virt-managerAssignee: Cole Robinson <crobinso>
Status: CLOSED UPSTREAM QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: berrange, crobinso, gscrivan, rbalakri
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-05-07 23:21:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Cole Robinson 2013-12-17 15:55:27 UTC 
qemu.conf vnc_auto_unix_socket will put the socket in /var/lib/... for qemu:///system. This means virt-manager run as non-root (the default) will not be able to access the vnc socket.

That's what virDomainOpenGraphics is for though. Just need to make sure we only use it where available, and only when connecting to a local connection (it doesn't work over the network)
Comment 1 Cole Robinson 2015-04-10 22:59:10 UTC 
Libvirt bug tracking adding support for this for spice:

https://bugzilla.redhat.com/show_bug.cgi?id=1151761

There's also virDomainOpenGraphicsFD or something along those lines these days, that should be investigated too
Comment 2 Cole Robinson 2016-05-07 23:21:01 UTC 
This is upstream nowadays as part of the spice gl work