[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCHv3 1/5] smartcard: add XML support for <smartcard> device

On Mon, Jan 31, 2011 at 04:33:46PM -0700, Eric Blake wrote:
> On 01/26/2011 11:29 AM, Alon Levy wrote:
> > yes, the db is a directory name, treated as normal (can be absolute or relative
> > to cwd, I don't check, just feed it to NSS).
> From qemu's point of view, it can be relative; but how does a libvirt
> user know what directory libvirt will be running in?  Hence in the xml
> we might as well enforce that it be absolute, with no loss of
> functionality (and gui wrappers around libvirt can use typical file
> browser windows to allow relative browsing to locate such a directory).
> > It defaults to /etc/pki/nssdb:
> > (certutil needs an argument, we have it #defined:
> > hw/ccid-card-emulated.c:#define CERTIFICATES_DEFAULT_DB "/etc/pki/nssdb"
> Okay, I'll add that same default to libvirt.
> >> Should we also have 'database' for the 'host' mode if we need one ?
> > Yes, without it the usage of certificates is limited to the default certificate
> > store, and if anyone wants to run multiple qemu's with different certificates they
> > may want to put them into different dbs. 
> Does qemu accept -device ccid-card-emulated,backend=nss-emulated,db=xyz?

No, the db is only for backend=certificates, I thought that's what we were
talking about.

> That is, if NSS is using a host USB device, then I don't see what the
> use is of providing a database directory in that case.
It isn't, see above.

> I don't see a need to add a <database> subelement to mode='host' in the
> XML right now; we can leave that as a future enhancement to the XML
> without affecting this patch.  I'm more worried that this patch does
> _not_ include anything that doesn't make sense, than I am about adding
> more later if we find we missed something.
As long as you are talking about host mode not needing db I'm with you. But
certificates mode (i.e. -device ccid-card-emulated,backend=certificates) does.

> -- 
> Eric Blake   eblake redhat com    +1-801-349-2682
> Libvirt virtualization library http://libvirt.org

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]