qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (se

From: Anthony Liguori
Subject: Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (security type 2) when in FIPS mode
Date: Tue, 05 Jun 2012 09:03:13 +0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120329 Thunderbird/11.0.1 
On 06/05/2012 08:55 AM, Alexander Graf wrote:


On 05.06.2012, at 01:54, Anthony Liguori wrote:


Have you ever experienced a random failure on an SELinux box that made no 
logical sense?  Out of desperation, you setenforce 0 and magically, thinks work 
again.


Yeah - I never understood how anyone thought it makes sense to enable SELinux 
globally be default.... Either way, FIPS hopefully isn't something you find 
enabled by accident anywhere.


Even if the user enabled fips mode, they may not understand that this means VNC 
authentication will stop working.  Providing an option (1) allows the user to 
discover what the problem is (2) makes the behavior much more clear.


Where would you want the option to live? Compile time would be useless - users 
don't recompile QEMU, they take binary packages. A runtime option? Who would 
enable that runtime option then? Libvirt by default I suppose? So you're back 
in the same hell. RH would patch libvirt to always pass in -enable-fips and 
nothing would be different.
A QemuOpts option that is disabled by default but can be enabled through /etc/qemu/target-x86_64.conf
If any distribution wants to enable it as part of the default configuration, they certainly can. But a user can override it if they want to.
Likewise, libvirt can enable it by default if they are so inclined. At least the qemu logs from libvirt will show -enable-fips-mode 




Removing features based on a magic procfs variable with no input from the user 
is a bad idea IMHO.


But it's the design of the Linux FIPS model.
Just because someone made a bad choice, that doesn't mean we have to continue to make bad choices ourselves.
This whole feature is ridiculous from a technical perspective. As you said, disabling VNC auth but allowing no-password to be used is simply moronic.
I understand why we have to support these things, but it should not be the default behavior. 

Regards,

Anthony Liguori
reply via email to
[Prev in Thread] Current Thread [Next in Thread]