Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 800155 - PRD35 - [RFE] configure SPICE disable-copy-paste in GUIs
Summary: PRD35 - [RFE] configure SPICE disable-copy-paste in GUIs
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: RFEs
Version: 3.0.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 3.5.0
Assignee: Francesco Romani
QA Contact: Artyom
URL:
Whiteboard: virt
Depends On: 1082479
Blocks: rhev3.5beta 1156165
TreeView+ depends on / blocked
 
Reported: 2012-03-05 21:00 UTC by David Jaša
Modified: 2019-02-15 13:30 UTC (History)
22 users (show)

Fixed In Version: ovirt-3.5.0-beta2
Doc Type: Enhancement
Doc Text:
This features adds the ability to disable copying and pasting to virtual machines through SPICE connections, allowing administrators to restrict this functionality due to security reasons. This functionality is enabled by default.
Clone Of:
Environment:
Last Closed: 2015-02-11 17:49:39 UTC
oVirt Team: ---
Target Upstream Version:
sherold: Triaged+


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 406693 None None None Never
Red Hat Product Errata RHSA-2015:0158 normal SHIPPED_LIVE Important: Red Hat Enterprise Virtualization Manager 3.5.0 2015-02-11 22:38:50 UTC
oVirt gerrit 26916 None None None Never

Description David Jaša 2012-03-05 21:00:50 UTC
Description of problem:
Since RHEL6.2/RHEV3.0, SPICE supports disabling of copy & paste feature at spice-server level that is also supported in libvirt (implemented as bug #693638, bug #693645, bug #693661):
# qemu-kvm -spice disable-copy-paste

<devices>
  <graphics type="spice">
    <clipboard copypaste="no"/>
  </graphics>
</devices>

What is lacking is proper integration into RHEV permission system and per-VM configuration:

 * Add a "Allow Client-Guest Copy & Paste" permission to to 
   "VM - Basic Operations" group that is enabled by default

 * Add a "Enable Guest-Client Copy & Paste" checkbox to "Edit VM" dialog for
   PowerUser and more powerful role that is checked by default. When the user
   is not allowed to use the feature by system-wide permission, this checkbox
   is unchecked and disabled.

 * RHEV-M should validate input of above checkbox in all case to prevent
   circumvention via tools like DOM Inspector or Greasemonkey script in Firefox

Version-Release number of selected component (if applicable):
3.0.2

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Itamar Heim 2012-03-06 09:17:35 UTC
workaround for now would be to use a custom hook until this is implemented

Comment 4 Francesco Romani 2013-12-23 12:31:39 UTC
VDSM patch available here: http://gerrit.ovirt.org/#/c/22646/

Comment 6 Francesco Romani 2014-04-22 12:13:54 UTC
engine patches: http://gerrit.ovirt.org/#/c/26241/ (and related)

Comment 7 Francesco Romani 2014-06-04 07:52:34 UTC
move to MODIFIED because the UI patch was merged (only RESTAPI is left out, patch posted and verified, previous version ACKed).

Comment 8 Artyom 2014-08-07 14:53:46 UTC
Verified on ovirt-engine-3.5.0-0.0.master.20140804172041.git23b558e.el6.noarch

Comment 11 errata-xmlrpc 2015-02-11 17:49:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0158.html


Note You need to log in before you can comment on or make changes to this bug.