diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2019-03-11 18:26:37 +0000 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2019-03-11 18:26:37 +0000 |
| commit | 377b155bde451d5ac545fbdcdfbf6ca17a4228f5 (patch) | |
| tree | bb2acb6d1d3faae019898cadbcac17ec3b964a2f /qemu-options.hx | |
| parent | c8761809385db04513b87af321c5feec82475421 (diff) | |
| parent | 328eb60dc1a19448b36eb63901ca0b8f87ed6f57 (diff) | |
| download | qemu-377b155bde451d5ac545fbdcdfbf6ca17a4228f5.zip | |
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
* allow building QEMU without TCG or KVM support (Anthony)
* update AMD IOMMU copyright (David)
* compilation fixes for GCC and BSDs (Alexey, David, Paolo, Philippe)
* coalesced I/O bugfix (Jagannathan)
* Processor Tracing cpuid fix (Luwei)
* Kconfig fixes (Paolo, David)
* Cleanups (Paolo, Wei)
* PVH vs. multiboot fix (Stefano)
* LSI bugfixes (Sven)
* elf2dmp Coverity fix (Victor)
* scsi-disk fix (Zhengui)
* authorization support for chardev TLS (Daniel)
# gpg: Signature made Mon 11 Mar 2019 16:12:00 GMT
# gpg: using RSA key BFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream: (31 commits)
qemugdb: fix licensing
chardev: add support for authorization for TLS clients
qom: cpu: destroy work_mutex in cpu_common_finalize
exec.c: refactor function flatview_add_to_dispatch()
lsi: 810/895A are always little endian
lsi: return dfifo value
lsi: use SCSI phase names instead of numbers in trace
lsi: use enum type for s->msg_action
lsi: use enum type for s->waiting
lsi: use ldn_le_p()/stn_le_p()
scsi-disk: Fix crash if request is invaild or disk is no medium
configure: Disable W^X on OpenBSD
oslib-posix: Ignore fcntl("/dev/null", F_SETFL, O_NONBLOCK) failure
accel: Allow to build QEMU without TCG or KVM support
build: clean trace/generated-helpers.c
build: remove unnecessary assignments from Makefile.target
build: get rid of target-obj-y
update copyright notice
lsi: check if SIGP bit is already set in Wait reselect
lsi: implement basic SBCL functionality
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'qemu-options.hx')
| -rw-r--r-- | qemu-options.hx | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/qemu-options.hx b/qemu-options.hx index c74f99b265..7118d90352 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -2428,7 +2428,7 @@ DEF("chardev", HAS_ARG, QEMU_OPTION_chardev, "-chardev null,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" "-chardev socket,id=id[,host=host],port=port[,to=to][,ipv4][,ipv6][,nodelay][,reconnect=seconds]\n" " [,server][,nowait][,telnet][,websocket][,reconnect=seconds][,mux=on|off]\n" - " [,logfile=PATH][,logappend=on|off][,tls-creds=ID] (tcp)\n" + " [,logfile=PATH][,logappend=on|off][,tls-creds=ID][,tls-authz=ID] (tcp)\n" "-chardev socket,id=id,path=path[,server][,nowait][,telnet][,websocket][,reconnect=seconds]\n" " [,mux=on|off][,logfile=PATH][,logappend=on|off] (unix)\n" "-chardev udp,id=id[,host=host],port=port[,localaddr=localaddr]\n" @@ -2557,7 +2557,7 @@ The available backends are: A void device. This device will not emit any data, and will drop any data it receives. The null backend does not take any options. -@item -chardev socket,id=@var{id}[,@var{TCP options} or @var{unix options}][,server][,nowait][,telnet][,websocket][,reconnect=@var{seconds}][,tls-creds=@var{id}] +@item -chardev socket,id=@var{id}[,@var{TCP options} or @var{unix options}][,server][,nowait][,telnet][,websocket][,reconnect=@var{seconds}][,tls-creds=@var{id}][,tls-authz=@var{id}] Create a two-way stream socket, which can be either a TCP or a unix socket. A unix socket will be created if @option{path} is specified. Behaviour is @@ -2583,6 +2583,12 @@ and specifies the id of the TLS credentials to use for the handshake. The credentials must be previously created with the @option{-object tls-creds} argument. +@option{tls-auth} provides the ID of the QAuthZ authorization object against +which the client's x509 distinguished name will be validated. This object is +only resolved at time of use, so can be deleted and recreated on the fly +while the chardev server is active. If missing, it will default to denying +access. + TCP and unix socket options are given below: @table @option |