[libvirt] [PATCH v8 05/18] qemu: Extend qemu_conf with tpm-emulator support
Stefan Berger
stefanb at linux.vnet.ibm.com
Thu May 24 20:26:01 UTC 2018
Extend qemu_conf with user and group for running the tpm-emulator
and add directories to the configuration for the locations of the
log, state, and socket of the tpm-emulator.
Also add these new directories to the QEMU Makefile.inc.am and
the RPM spec file libvirt.spec.in.
Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan at redhat.com>
---
libvirt.spec.in | 2 ++
src/qemu/Makefile.inc.am | 6 ++++++
src/qemu/libvirtd_qemu.aug | 5 +++++
src/qemu/qemu.conf | 8 +++++++
src/qemu/qemu_conf.c | 43 ++++++++++++++++++++++++++++++++++++++
src/qemu/qemu_conf.h | 6 ++++++
src/qemu/test_libvirtd_qemu.aug.in | 2 ++
7 files changed, 72 insertions(+)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 0e4a84c98c..6ec3dcdce4 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1903,6 +1903,8 @@ exit 0
%{_datadir}/augeas/lenses/libvirtd_qemu.aug
%{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug
%{_libdir}/%{name}/connection-driver/libvirt_driver_qemu.so
+%dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/swtpm/
+%dir %attr(0711, root, root) %{_localstatedir}/log/swtpm/libvirt/qemu/
%endif
%if %{with_lxc}
diff --git a/src/qemu/Makefile.inc.am b/src/qemu/Makefile.inc.am
index 63e7c878d1..7f50501f18 100644
--- a/src/qemu/Makefile.inc.am
+++ b/src/qemu/Makefile.inc.am
@@ -129,12 +129,18 @@ install-data-qemu:
$(MKDIR_P) "$(DESTDIR)$(localstatedir)/run/libvirt/qemu"
$(MKDIR_P) "$(DESTDIR)$(localstatedir)/cache/libvirt/qemu"
$(MKDIR_P) "$(DESTDIR)$(localstatedir)/log/libvirt/qemu"
+ $(MKDIR_P) "$(DESTDIR)$(localstatedir)/lib/libvirt/swtpm"
+ $(MKDIR_P) "$(DESTDIR)$(localstatedir)/run/libvirt/qemu/swtpm"
+ $(MKDIR_P) "$(DESTDIR)$(localstatedir)/log/swtpm/libvirt/qemu"
uninstall-data-qemu:
rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/qemu" ||:
rmdir "$(DESTDIR)$(localstatedir)/run/libvirt/qemu" ||:
rmdir "$(DESTDIR)$(localstatedir)/cache/libvirt/qemu" ||:
rmdir "$(DESTDIR)$(localstatedir)/log/libvirt/qemu" ||:
+ rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/swtpm"
+ rmdir "$(DESTDIR)$(localstatedir)/run/libvirt/qemu/swtpm" ||:
+ rmdir "$(DESTDIR)$(localstatedir)/log/swtpm/libvirt/qemu" ||:
endif WITH_QEMU
diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index 2dc16e91fd..98bf617049 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -119,6 +119,9 @@ module Libvirtd_qemu =
let vxhs_entry = bool_entry "vxhs_tls"
| str_entry "vxhs_tls_x509_cert_dir"
+ let swtpm_user_entry = str_entry "swtpm_user"
+ let swtpm_group_entry = str_entry "swtpm_group"
+
(* Each entry in the config is one of the following ... *)
let entry = default_tls_entry
| vnc_entry
@@ -138,6 +141,8 @@ module Libvirtd_qemu =
| gluster_debug_level_entry
| memory_entry
| vxhs_entry
+ | swtpm_user_entry
+ | swtpm_group_entry
let comment = [ label "#comment" . del /#[ \t]*/ "# " . store /([^ \t\n][^\n]*)?/ . del /\n/ "\n" ]
let empty = [ label "#empty" . eol ]
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 31738ff19c..54a8ffb2bf 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -783,3 +783,11 @@
# Path to the SCSI persistent reservations helper. This helper is
# used whenever <reservations/> are enabled for SCSI LUN devices.
#pr_helper = "/usr/bin/qemu-pr-helper"
+
+# User for the swtpm TPM Emulator
+#
+# Default is 'tss'; this is the same user that tcsd (TrouSerS) installs
+# and uses; alternative is 'root'
+#
+#swtpm_user = "tss"
+#swtpm_group = "tss"
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 277ab833a8..674b6e847b 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -159,6 +159,10 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
"%s/log/libvirt/qemu", LOCALSTATEDIR) < 0)
goto error;
+ if (virAsprintf(&cfg->swtpmLogDir,
+ "%s/log/swtpm/libvirt/qemu", LOCALSTATEDIR) < 0)
+ goto error;
+
if (VIR_STRDUP(cfg->configBaseDir, SYSCONFDIR "/libvirt") < 0)
goto error;
@@ -166,6 +170,10 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
"%s/run/libvirt/qemu", LOCALSTATEDIR) < 0)
goto error;
+ if (virAsprintf(&cfg->swtpmStateDir,
+ "%s/run/libvirt/qemu/swtpm", LOCALSTATEDIR) < 0)
+ goto error;
+
if (virAsprintf(&cfg->cacheDir,
"%s/cache/libvirt/qemu", LOCALSTATEDIR) < 0)
goto error;
@@ -186,6 +194,13 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
goto error;
if (virAsprintf(&cfg->memoryBackingDir, "%s/ram", cfg->libDir) < 0)
goto error;
+ if (virAsprintf(&cfg->swtpmStorageDir, "%s/lib/libvirt/swtpm",
+ LOCALSTATEDIR) < 0)
+ goto error;
+ if (virGetUserID("tss", &cfg->swtpm_user) < 0)
+ cfg->swtpm_user = 0; /* fall back to root */
+ if (virGetGroupID("tss", &cfg->swtpm_group) < 0)
+ cfg->swtpm_group = 0; /* fall back to root */
} else {
char *rundir;
char *cachedir;
@@ -199,6 +214,11 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
VIR_FREE(cachedir);
goto error;
}
+ if (virAsprintf(&cfg->swtpmLogDir,
+ "%s/qemu/log", cachedir) < 0) {
+ VIR_FREE(cachedir);
+ goto error;
+ }
if (virAsprintf(&cfg->cacheDir, "%s/qemu/cache", cachedir) < 0) {
VIR_FREE(cachedir);
goto error;
@@ -214,6 +234,9 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
}
VIR_FREE(rundir);
+ if (virAsprintf(&cfg->swtpmStateDir, "%s/swtpm", cfg->stateDir) < 0)
+ goto error;
+
if (!(cfg->configBaseDir = virGetUserConfigDirectory()))
goto error;
@@ -233,6 +256,10 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
goto error;
if (virAsprintf(&cfg->memoryBackingDir, "%s/qemu/ram", cfg->configBaseDir) < 0)
goto error;
+ if (virAsprintf(&cfg->swtpmStorageDir, "%s/qemu/swtpm", cfg->configBaseDir) < 0)
+ goto error;
+ cfg->swtpm_user = (uid_t)-1;
+ cfg->swtpm_group = (gid_t)-1;
}
if (virAsprintf(&cfg->configDir, "%s/qemu", cfg->configBaseDir) < 0)
@@ -352,7 +379,9 @@ static void virQEMUDriverConfigDispose(void *obj)
VIR_FREE(cfg->configDir);
VIR_FREE(cfg->autostartDir);
VIR_FREE(cfg->logDir);
+ VIR_FREE(cfg->swtpmLogDir);
VIR_FREE(cfg->stateDir);
+ VIR_FREE(cfg->swtpmStateDir);
VIR_FREE(cfg->libDir);
VIR_FREE(cfg->cacheDir);
@@ -402,6 +431,7 @@ static void virQEMUDriverConfigDispose(void *obj)
virFirmwareFreeList(cfg->firmwares, cfg->nfirmwares);
VIR_FREE(cfg->memoryBackingDir);
+ VIR_FREE(cfg->swtpmStorageDir);
}
@@ -473,6 +503,7 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
size_t i, j;
char *stdioHandler = NULL;
char *user = NULL, *group = NULL;
+ char *swtpm_user = NULL, *swtpm_group = NULL;
char **controllers = NULL;
char **hugetlbfs = NULL;
char **nvram = NULL;
@@ -912,6 +943,16 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
if (virConfGetValueString(conf, "memory_backing_dir", &cfg->memoryBackingDir) < 0)
goto cleanup;
+ if (virConfGetValueString(conf, "swtpm_user", &swtpm_user) < 0)
+ goto cleanup;
+ if (swtpm_user && virGetUserID(swtpm_user, &cfg->swtpm_user) < 0)
+ goto cleanup;
+
+ if (virConfGetValueString(conf, "swtpm_group", &swtpm_group) < 0)
+ goto cleanup;
+ if (swtpm_group && virGetGroupID(swtpm_group, &cfg->swtpm_group) < 0)
+ goto cleanup;
+
ret = 0;
cleanup:
@@ -922,6 +963,8 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
VIR_FREE(corestr);
VIR_FREE(user);
VIR_FREE(group);
+ VIR_FREE(swtpm_user);
+ VIR_FREE(swtpm_group);
virConfFree(conf);
return ret;
}
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index 7a63780c48..70fcc08f37 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -102,7 +102,9 @@ struct _virQEMUDriverConfig {
char *configDir;
char *autostartDir;
char *logDir;
+ char *swtpmLogDir;
char *stateDir;
+ char *swtpmStateDir;
/* These two directories are ones QEMU processes use (so must match
* the QEMU user/group */
char *libDir;
@@ -111,6 +113,7 @@ struct _virQEMUDriverConfig {
char *snapshotDir;
char *channelTargetDir;
char *nvramDir;
+ char *swtpmStorageDir;
char *defaultTLSx509certdir;
bool checkdefaultTLSx509certdir;
@@ -207,6 +210,9 @@ struct _virQEMUDriverConfig {
bool vxhsTLS;
char *vxhsTLSx509certdir;
+
+ uid_t swtpm_user;
+ gid_t swtpm_group;
};
/* Main driver state */
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in
index 95885e9f06..a875fc2819 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -101,3 +101,5 @@ module Test_libvirtd_qemu =
}
{ "memory_backing_dir" = "/var/lib/libvirt/qemu/ram" }
{ "pr_helper" = "/usr/bin/qemu-pr-helper" }
+{ "swtpm_user" = "tss" }
+{ "swtpm_group" = "tss" }
--
2.14.3
More information about the libvir-list
mailing list