OpenE2K
/
qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity

Prefer 'on' | 'off' over 'yes' | 'no' for bool options 

Update some docs and test cases to use 'on' | 'off' as the preferred
value for bool options.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrangé 2020-11-04 13:57:21 +00:00
parent 166310299a
commit 4d7beeab38
4 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/system/vnc-security.rst
View File

@ -65,7 +65,7 @@ encrypted session.
.. parsed-literal:: .. parsed-literal::
|qemu_system| [...OPTIONS...] \ |qemu_system| [...OPTIONS...] \
-object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=no \ -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=off \
-vnc :1,tls-creds=tls0 -monitor stdio -vnc :1,tls-creds=tls0 -monitor stdio
In the above example ``/etc/pki/qemu`` should contain at least three In the above example ``/etc/pki/qemu`` should contain at least three
@ -84,12 +84,12 @@ connecting. The server will request that the client provide a
certificate, which it will then validate against the CA certificate. certificate, which it will then validate against the CA certificate.
This is a good choice if deploying in an environment with a private This is a good choice if deploying in an environment with a private
internal certificate authority. It uses the same syntax as previously, internal certificate authority. It uses the same syntax as previously,
but with ``verify-peer`` set to ``yes`` instead. but with ``verify-peer`` set to ``on`` instead.
.. parsed-literal:: .. parsed-literal::
|qemu_system| [...OPTIONS...] \ |qemu_system| [...OPTIONS...] \
-object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=yes \ -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=on \
-vnc :1,tls-creds=tls0 -monitor stdio -vnc :1,tls-creds=tls0 -monitor stdio
.. _vnc_005fsec_005fcertificate_005fpw: .. _vnc_005fsec_005fcertificate_005fpw:
@ -103,7 +103,7 @@ authentication to provide two layers of authentication for clients.
.. parsed-literal:: .. parsed-literal::
|qemu_system| [...OPTIONS...] \ |qemu_system| [...OPTIONS...] \
-object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=yes \ -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=on \
-vnc :1,tls-creds=tls0,password -monitor stdio -vnc :1,tls-creds=tls0,password -monitor stdio
(qemu) change vnc password (qemu) change vnc password
Password: ******** Password: ********
@ -145,7 +145,7 @@ x509 options:
.. parsed-literal:: .. parsed-literal::
|qemu_system| [...OPTIONS...] \ |qemu_system| [...OPTIONS...] \
-object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=yes \ -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=on \
-vnc :1,tls-creds=tls0,sasl -monitor stdio -vnc :1,tls-creds=tls0,sasl -monitor stdio
.. _vnc_005fsetup_005fsasl: .. _vnc_005fsetup_005fsasl:

2
include/authz/listfile.h
View File

@ -73,7 +73,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(QAuthZListFile,
* The object can be created on the command line using * The object can be created on the command line using
* *
* -object authz-list-file,id=authz0,\ * -object authz-list-file,id=authz0,\
* filename=/etc/qemu/myvm-vnc.acl,refresh=yes * filename=/etc/qemu/myvm-vnc.acl,refresh=on
* *
*/ */
struct QAuthZListFile { struct QAuthZListFile {

4
qemu-options.hx
View File

@ -5027,7 +5027,7 @@ SRST
Note the use of quotes due to the x509 distinguished name Note the use of quotes due to the x509 distinguished name
containing whitespace, and escaping of ','. containing whitespace, and escaping of ','.
``-object authz-listfile,id=id,filename=path,refresh=yes|no`` ``-object authz-listfile,id=id,filename=path,refresh=on|off``
Create an authorization object that will control access to Create an authorization object that will control access to
network services. network services.
@ -5072,7 +5072,7 @@ SRST
# |qemu_system| \\ # |qemu_system| \\
... \\ ... \\
-object authz-simple,id=auth0,filename=/etc/qemu/vnc-sasl.acl,refresh=yes \\ -object authz-simple,id=auth0,filename=/etc/qemu/vnc-sasl.acl,refresh=on \\
... ...
``-object authz-pam,id=id,service=string`` ``-object authz-pam,id=id,service=string``

4
tests/qemu-iotests/233
View File

@ -84,7 +84,7 @@ echo
echo "== check plain client to TLS server fails ==" echo "== check plain client to TLS server fails =="
nbd_server_start_tcp_socket \ nbd_server_start_tcp_socket \
--object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=yes \ --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=on \
--tls-creds tls0 \ --tls-creds tls0 \
-f $IMGFMT "$TEST_IMG" 2>> "$TEST_DIR/server.log" -f $IMGFMT "$TEST_IMG" 2>> "$TEST_DIR/server.log"
@ -129,7 +129,7 @@ echo "== check TLS with authorization =="
nbd_server_stop nbd_server_stop
nbd_server_start_tcp_socket \ nbd_server_start_tcp_socket \
--object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=yes \ --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=on \
--object "authz-simple,id=authz0,identity=CN=localhost,, \ --object "authz-simple,id=authz0,identity=CN=localhost,, \
O=Cthulu Dark Lord Enterprises client1,,L=R'lyeh,,C=South Pacific" \ O=Cthulu Dark Lord Enterprises client1,,L=R'lyeh,,C=South Pacific" \
--tls-authz authz0 \ --tls-authz authz0 \