[INVALID] Whonix KVM Security Bug Report - SPICE remote desktop protocol listening on all network interfaces turned out to be a nothing burger but as a detail enhancement, for defense in deepth:
Could you please consider using unix domain socket files instead of localhost listening ports?
Researched this more. It seems to have consequences for emulated sound hardware security access. It’s unclear to me how much this will have a negative impact and so I want to keep the defaults to be cautious.
Here’s commentary on the patchset:
https://listman.redhat.com/archives/libvir-list/2016-March/msg01028.html
+# Enable this option to have SPICE served over an automatically created
+# unix socket. This prevents unprivileged access from users on the
+# host machine.
+#
+# This will only be enabled for SPICE configurations that do not have
+# a hardcoded 'listen' or 'socket' value. This setting takes preference
+# over spice_listen.
+#
+#spice_auto_unix_socket = 1
+
+
# By default, if no graphical front end is configured, libvirt will disable
# QEMU audio output since directly talking to alsa/pulseaudio may not work
# with various security settings. If you know what you're doing, enable
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 8a5baf5..d2bfae6 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -7370,7 +7370,8 @@ static int
qemuBuildGraphicsSPICECommandLine(virQEMUDriverConfigPtr cfg,