Created attachment 573037 [details] Patch which implements this change In the GNOME UI we'd like to make use of Avahi discovery and name resolution "out of the box". A typical use case is for discovery of printers that are advertised using MDNS. This should work even on potentially 'hostile' networks such as a wireless access point in a print shop or airport. It should work without user configuration. https://fedoraproject.org/wiki/Desktop/Whiteboards/AvahiDefault In order to turn on Avahi by default, and make it work by default, we'd like to make it possible to use Avahi without advertising any information to the network by default. Advertising information to the network (even the host name) without the user's configuration or consent is a privacy issue. libvirtd advertises itself via MDNS on the network by default. I understand that MDNS discovery of libvirtd is really handy in many cases. However since one has to configure network access in libvirtd anyway -- none of the access methods work "out of the box" to my understanding -- I'd like to suggest turning off libvirtd's MDNS publishing by default. As part of setting up libvirtd for network access, the user would turn on mdns_adv.
Please post the patch to the list. Keeping it threaded with https://www.redhat.com/archives/libvir-list/2012-March/msg01201.html will help it get reviewed faster.
> > However since one has to configure network access in libvirtd anyway -- none > of the access methods work "out of the box" to my understanding -- I'd like to > suggest turning off libvirtd's MDNS publishing by default. As part of setting > up libvirtd for network access, the user would turn on mdns_adv. This isn't entirely correct. The most common way people connect to remote libvirt hosts is using ssh auth, which works out of the box on fedora at least. That said I don't think people even use the libvirt mdns advertisement very much, so disabling it is probably fine.
Thanks. FWIW, It didn't work for me out of the box. Did I do something wrong: 1. I had to install openssh-server (Fedora doesn't have it installed by default). 2. Either a) configure your machine's root account for (key based) ssh access, or b) make libvirtd work with a normal ssh account, which I didn't figure out how to do, but it didn't work by default for me on F17.
Libvirt 0.9.11 will include this: commit 53e1d56dd468e945ad311f46221a357dffda787b Author: Stef Walter <stefw> Date: Tue Mar 27 16:20:54 2012 +0200 Change the default of mdns_adv to false * Don't advertise information on the network without consent of the user, either through manual configuration, or a user interface that drives this option. * Since libvirtd must be configured for network access anyway (for all but ssh), this setting was not useful "out of the box", so changing this default setting does not remove "out of the box" functionality.
(Note that libvirt-0.9.11 will be in Fedora 17)