``thread=single|multi``
Controls number of TCG threads. When the TCG is multi-threaded
- there will be one thread per vCPU therefor taking advantage of
+ there will be one thread per vCPU therefore taking advantage of
additional host cores. The default is to enable multi-threading
where both the back-end and front-ends support it and no
incompatible TCG features have been enabled (e.g.
DEFHEADING()
-DEFHEADING(USB options:)
+DEFHEADING(USB convenience options:)
DEF("usb", 0, QEMU_OPTION_usb,
"-usb enable on-board USB host controller (if not enabled by default)\n",
QEMU_ARCH_ALL)
SRST
``-usbdevice devname``
- Add the USB device devname. Note that this option is deprecated,
- please use ``-device usb-...`` instead. See the chapter about
+ Add the USB device devname, and enable an on-board USB controller
+ if possible and necessary (just like it can be done via
+ ``-machine usb=on``). Note that this option is mainly intended for
+ the user's convenience only. More fine-grained control can be
+ achieved by selecting a USB host controller (if necessary) and the
+ desired USB device via the ``-device`` option instead. For example,
+ instead of using ``-usbdevice mouse`` it is possible to use
+ ``-device qemu-xhci -device usb-mouse`` to connect the USB mouse
+ to a USB 3.0 controller instead (at least on machines that support
+ PCI and do not have an USB controller enabled by default yet).
+ For more details, see the chapter about
:ref:`Connecting USB devices` in the System Emulation Users Guide.
+ Possible devices for devname are:
+
+ ``braille``
+ Braille device. This will use BrlAPI to display the braille
+ output on a real or fake device (i.e. it also creates a
+ corresponding ``braille`` chardev automatically beside the
+ ``usb-braille`` USB device).
+
+ ``keyboard``
+ Standard USB keyboard. Will override the PS/2 keyboard (if present).
``mouse``
Virtual Mouse. This will override the PS/2 mouse emulation when
position without having to grab the mouse. Also overrides the
PS/2 mouse emulation when activated.
- ``braille``
- Braille device. This will use BrlAPI to display the braille
- output on a real or fake device.
+ ``wacom-tablet``
+ Wacom PenPartner USB tablet.
+
+
ERST
DEFHEADING()
" [,tls-ciphers=<list>]\n"
" [,tls-channel=[main|display|cursor|inputs|record|playback]]\n"
" [,plaintext-channel=[main|display|cursor|inputs|record|playback]]\n"
- " [,sasl=on|off][,password=<secret>][,disable-ticketing=on|off]\n"
+ " [,sasl=on|off][,disable-ticketing=on|off]\n"
+ " [,password=<string>][,password-secret=<secret-id>]\n"
" [,image-compression=[auto_glz|auto_lz|quic|glz|lz|off]]\n"
" [,jpeg-wan-compression=[auto|never|always]]\n"
" [,zlib-glz-wan-compression=[auto|never|always]]\n"
``ipv4=on|off``; \ ``ipv6=on|off``; \ ``unix=on|off``
Force using the specified IP version.
- ``password=<secret>``
+ ``password=<string>``
Set the password you need to authenticate.
+ This option is deprecated and insecure because it leaves the
+ password visible in the process listing. Use ``password-secret``
+ instead.
+
+ ``password-secret=<secret-id>``
+ Set the ID of the ``secret`` object containing the password
+ you need to authenticate.
+
``sasl=on|off``
Require that the client use SASL to authenticate with the spice.
The exact choice of authentication method used is controlled
Following the display value there may be one or more option flags
separated by commas. Valid options are
- ``reverse``
+ ``reverse=on|off``
Connect to a listening VNC client via a "reverse" connection.
The client is specified by the display. For reverse network
connections (host:d,``reverse``), the d argument is a TCP port
number, not a display number.
- ``websocket``
+ ``websocket=on|off``
Opens an additional TCP listening port dedicated to VNC
Websocket connections. If a bare websocket option is given, the
Websocket port is 5700+display. An alternative port can be
runs in unencrypted mode. If TLS credentials are provided, the
websocket connection requires encrypted client connections.
- ``password``
+ ``password=on|off``
Require that password based authentication is used for client
connections.
time to allow <protocol> password to expire immediately or never
expire.
+ ``password-secret=<secret-id>``
+ Require that password based authentication is used for client
+ connections, using the password provided by the ``secret``
+ object identified by ``secret-id``.
+
``tls-creds=ID``
Provides the ID of a set of TLS credentials to use to secure the
VNC server. They will apply to both the normal VNC server socket
on the fly while the VNC server is active. If missing, it will
default to denying access.
- ``sasl``
+ ``sasl=on|off``
Require that the client use SASL to authenticate with the VNC
server. The exact choice of authentication method used is
controlled from the system / user's SASL configuration file for
fly while the VNC server is active. If missing, it will default
to denying access.
- ``acl``
+ ``acl=on|off``
Legacy method for enabling authorization of clients against the
x509 distinguished name and SASL username. It results in the
creation of two ``authz-list`` objects with IDs of
This option is deprecated and should no longer be used. The new
``sasl-authz`` and ``tls-authz`` options are a replacement.
- ``lossy``
+ ``lossy=on|off``
Enable lossy compression methods (gradient, JPEG, ...). If this
option is set, VNC client may receive lossy framebuffer updates
depending on its encoding settings. Enabling this option can
save a lot of bandwidth at the expense of quality.
- ``non-adaptive``
+ ``non-adaptive=on|off``
Disable adaptive encodings. Adaptive encodings are enabled by
default. An adaptive encoding will try to detect frequently
updated screen regions, and send updates in these regions using
must be omitted, otherwise is must be present and specify a
valid audiodev.
- ``power-control``
+ ``power-control=on|off``
Permit the remote client to issue shutdown, reboot or reset power
control requests.
ERST
" use 'vhostfd=h' to connect to an already opened vhost net device\n"
" use 'vhostfds=x:y:...:z to connect to multiple already opened vhost net devices\n"
" use 'queues=n' to specify the number of queues to be created for multiqueue TAP\n"
- " use 'poll-us=n' to speciy the maximum number of microseconds that could be\n"
+ " use 'poll-us=n' to specify the maximum number of microseconds that could be\n"
" spent on busy polling for vhost net\n"
"-netdev bridge,id=str[,br=bridge][,helper=helper]\n"
" configure a host TAP network backend with ID 'str' that is\n"
DEF("chardev", HAS_ARG, QEMU_OPTION_chardev,
"-chardev help\n"
"-chardev null,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n"
- "-chardev socket,id=id[,host=host],port=port[,to=to][,ipv4=on|off][,ipv6=on|off][,delay=on|off][,reconnect=seconds]\n"
+ "-chardev socket,id=id[,host=host],port=port[,to=to][,ipv4=on|off][,ipv6=on|off][,nodelay=on|off][,reconnect=seconds]\n"
" [,server=on|off][,wait=on|off][,telnet=on|off][,websocket=on|off][,reconnect=seconds][,mux=on|off]\n"
" [,logfile=PATH][,logappend=on|off][,tls-creds=ID][,tls-authz=ID] (tcp)\n"
"-chardev socket,id=id,path=path[,server=on|off][,wait=on|off][,telnet=on|off][,websocket=on|off][,reconnect=seconds]\n"
TCP and unix socket options are given below:
- ``TCP options: port=port[,host=host][,to=to][,ipv4=on|off][,ipv6=on|off][,delay=on|off]``
+ ``TCP options: port=port[,host=host][,to=to][,ipv4=on|off][,ipv6=on|off][,nodelay=on|off]``
``host`` for a listening socket specifies the local address to
be bound. For a connecting socket species the remote host to
connect to. ``host`` is optional for listening sockets. If not
or IPv6 must be used. If neither is specified the socket may
use either protocol.
- ``delay=on|off`` disables the Nagle algorithm.
+ ``nodelay=on|off`` disables the Nagle algorithm.
``unix options: path=path[,abstract=on|off][,tight=on|off]``
``path`` specifies the local path of the unix socket. ``path``
DEFHEADING(Debug/Expert options:)
+DEF("compat", HAS_ARG, QEMU_OPTION_compat,
+ "-compat [deprecated-input=accept|reject|crash][,deprecated-output=accept|hide]\n"
+ " Policy for handling deprecated management interfaces\n",
+ QEMU_ARCH_ALL)
+SRST
+``-compat [deprecated-input=@var{input-policy}][,deprecated-output=@var{output-policy}]``
+ Set policy for handling deprecated management interfaces (experimental):
+
+ ``deprecated-input=accept`` (default)
+ Accept deprecated commands and arguments
+ ``deprecated-input=reject``
+ Reject deprecated commands and arguments
+ ``deprecated-input=crash``
+ Crash on deprecated commands and arguments
+ ``deprecated-output=accept`` (default)
+ Emit deprecated command results and events
+ ``deprecated-output=hide``
+ Suppress deprecated command results and events
+
+ Limitation: covers only syntactic aspects of QMP.
+ERST
+
DEF("fw_cfg", HAS_ARG, QEMU_OPTION_fwcfg,
"-fw_cfg [name=]<name>,file=<file>\n"
" add named fw_cfg entry with contents from file\n"
``telnet options:``
localhost 5555
- ``tcp:[host]:port[,server=on|off][,wait=on|off][,delay=on|off][,reconnect=seconds]``
+ ``tcp:[host]:port[,server=on|off][,wait=on|off][,nodelay=on|off][,reconnect=seconds]``
The TCP Net Console has two modes of operation. It can send the
serial I/O to a location or wait for a connection from a
location. By default the TCP Net Console is sent to host at the
port. If you use the ``server=on`` option QEMU will wait for a client
socket application to connect to the port before continuing,
- unless the ``wait=on|off`` option was specified. The ``delay=on|off``
+ unless the ``wait=on|off`` option was specified. The ``nodelay=on|off``
option disables the Nagle buffering algorithm. The ``reconnect=on``
option only applies if ``server=no`` is set, if the connection goes
down it will attempt to reconnect at the given interval. If host
``Example to not wait and listen on ip 192.168.0.100 port 4444``
-serial tcp:192.168.0.100:4444,server=on,wait=off
- ``telnet:host:port[,server=on|off][,wait=on|off][,delay=on|off]``
+ ``telnet:host:port[,server=on|off][,wait=on|off][,nodelay=on|off]``
The telnet protocol is used instead of raw tcp sockets. The
options work the same as if you had specified ``-serial tcp``.
The difference is that the port acts like a telnet server or
you do it with Control-] and then type "send break" followed by
pressing the enter key.
- ``websocket:host:port,server=on[,wait=on|off][,delay=on|off]``
+ ``websocket:host:port,server=on[,wait=on|off][,nodelay=on|off]``
The WebSocket protocol is used instead of raw tcp socket. The
port acts as a WebSocket server. Client mode is not supported.
"-mon [chardev=]name[,mode=readline|control][,pretty[=on|off]]\n", QEMU_ARCH_ALL)
SRST
``-mon [chardev=]name[,mode=readline|control][,pretty[=on|off]]``
- Setup monitor on chardev name. ``pretty`` turns on JSON pretty
- printing easing human reading and debugging.
+ Setup monitor on chardev name. ``pretty`` is only valid when
+ ``mode=control``, turning on JSON pretty printing to ease
+ human reading and debugging.
ERST
DEF("debugcon", HAS_ARG, QEMU_OPTION_debugcon, \
" use 'obsolete' to allow obsolete system calls that are provided\n" \
" by the kernel, but typically no longer used by modern\n" \
" C library implementations.\n" \
- " use 'elevateprivileges' to allow or deny QEMU process to elevate\n" \
- " its privileges by blacklisting all set*uid|gid system calls.\n" \
+ " use 'elevateprivileges' to allow or deny the QEMU process ability\n" \
+ " to elevate privileges using set*uid|gid system calls.\n" \
" The value 'children' will deny set*uid|gid system calls for\n" \
" main QEMU process but will allow forks and execves to run unprivileged\n" \
" use 'spawn' to avoid QEMU to spawn new threads or processes by\n" \
- " blacklisting *fork and execve\n" \
+ " blocking *fork and execve\n" \
" use 'resourcecontrol' to disable process affinity and schedular priority\n",
QEMU_ARCH_ALL)
SRST
ERST
DEF("writeconfig", HAS_ARG, QEMU_OPTION_writeconfig,
"-writeconfig <file>\n"
- " read/write config file\n", QEMU_ARCH_ALL)
+ " read/write config file (deprecated)\n", QEMU_ARCH_ALL)
SRST
-``-writeconfig file``
- Write device configuration to file. The file can be either filename
- to save command line and device configuration into file or dash
- ``-``) character to print the output to stdout. This can be later
- used as input file for ``-readconfig`` option.
ERST
DEF("no-user-config", 0, QEMU_OPTION_nouserconfig,