[libvirt] [PATCHv3 0/5] smartcard: round 3

Eric Blake eblake at redhat.com
Wed Jan 26 00:36:53 UTC 2011


This series has hopefully taken into account all the feedback from v2
(https://www.redhat.com/archives/libvir-list/2011-January/msg00608.html).

Major changes:
 - enhance the XML to support optional ccid <controller> (missing
controllers are added according to <address> elements) and optional
<address> per smartcard (missing addresses assume the next available
port on controller 0)
 - enhance the XML to support an optional <source dev='/path'/> for
host mode. For now, this path is only used in SELinux labeling; I
suspect that this needs more work, since the point is that a single
device in the host should be shared among the NSS implementation of
multiple guests (so labeling the host device to belong to a single
guest is wrong); but fixing it correctly requires a better
understanding of what NSS actually needs to access, as well as
possibly modifying qemu's smartcard implementation to take the
host device either as a pathname or even as an already-opened fd.
 - enhance the XML to support an optional <database> element for
host-certificates mode.
 - enhance the qemu command line to fully populate all parameters,
rather than the bare minimum defaults, and reflect that in the tests.

It requires this pre-requisite patch for qemu -chardev aliases:
https://www.redhat.com/archives/libvir-list/2011-January/msg01032.html

Eric Blake (5):
  smartcard: add XML support for <smartcard> device
  smartcard: add domain conf support
  smartcard: check for qemu capability
  smartcard: enable SELinux support
  smartcard: turn on qemu support

 cfg.mk                                             |    1 +
 docs/formatdomain.html.in                          |   95 +++++-
 docs/schemas/domain.rng                            |   73 ++++
 src/conf/domain_conf.c                             |  396 +++++++++++++++++++-
 src/conf/domain_conf.h                             |   53 +++-
 src/libvirt_private.syms                           |    4 +
 src/qemu/qemu_capabilities.c                       |    2 +
 src/qemu/qemu_capabilities.h                       |    1 +
 src/qemu/qemu_command.c                            |   90 +++++-
 src/security/security_selinux.c                    |   94 +++++
 .../qemuxml2argv-smartcard-controller.args         |    1 +
 .../qemuxml2argv-smartcard-controller.xml          |   20 +
 .../qemuxml2argv-smartcard-host-certificates.args  |    1 +
 .../qemuxml2argv-smartcard-host-certificates.xml   |   20 +
 .../qemuxml2argv-smartcard-host.args               |    1 +
 .../qemuxml2argv-smartcard-host.xml                |   16 +
 .../qemuxml2argv-smartcard-passthrough-tcp.args    |    1 +
 .../qemuxml2argv-smartcard-passthrough-tcp.xml     |   19 +
 tests/qemuxml2argvtest.c                           |   13 +
 19 files changed, 887 insertions(+), 14 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-controller.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-controller.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-host-certificates.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-host-certificates.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-host.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-host.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-passthrough-tcp.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-passthrough-tcp.xml

-- 
1.7.3.5



