On 09/05/2012 01:14 PM, Asias He wrote: > On Wed, Sep 5, 2012 at 5:53 PM, Avi Kivity <a...@redhat.com> wrote: >> On 09/05/2012 12:46 PM, Asias He wrote: >>>> Ok. Then the socat command not only exposes the display to the guest, >>>> but also to any local process with access to localhost:6000. >>> >>> Yes. It is a trick for people with 'Xorg -nolisten tcp' enabled. >> >> Which is hopefully everyone. > > Yup. That's why I want the socat trick ;-d
No, it's horribly insecure. One option is to generate a temporary keypair and use ssh. Or you can make the guest talk to an internal unix-domain socket, tunnel that through virtio-serial, terminate virtio-serial in lkvm, and direct it towards the local X socket. It's more work than exposing X11 via tcp, but if the user said -nolisten tcp, you must respect it. -- error compiling committee.c: too many arguments to function -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
