Description of problem: Spice audio recording is on by default. It passes microphone input to guests. Has serious implications for privacy, when guests are untrusted. Could you please change this to be off/safe by default, or support a setting to turn this off via libvirt. Version-Release number of selected component (if applicable): All versions of KVM and libvirt How reproducible: Reliably reproducible on every system running KVM with every guest that supports SPICE. Steps to Reproduce: 1. start a vm 2. open the sound testing settings 3. testing microphone reveals host input by default. Actual results: Expected results: Not having this feature enabled by default. Or alternatively having an attribute to turn this off in libvirt XML. Additional info: Marc suggested adding support for hda codec type 'output' in libvirt
Hi any word on this feature? Can you please add it in the next release?
We need to support <sound model='ich6'/> <codec type='output'> </sound> And map it to qemu -device hda-output. There's already support for <codec type='micro'/> and <codec type='duplex'/> (the default), so extending libvirt to support the new codec type should be very simple. See https://bugzilla.redhat.com/show_bug.cgi?id=825939#c3 for an example commit extending the XML format and qemu handling do 'git grep codec src/qemu/qemu_command.c' to find the bits that need to be extended on the qemu command line side
Fixed upstream with v4.4.0-rc1~113: commit 3b8d050911ac5e7e7c445ac65ee506122dfe42f3 Author: Filip Alac <filipalac> Date: Tue May 22 13:12:33 2018 +0200 qemu: capabilities: Add 'hda-output' sound codec to capabilities This is, unfortunately, just the alternative option of this being possible to be turned off (it has to be the only codec).