On Thu, Jan 13, 2011 at 05:34:35PM -0700, Eric Blake wrote: > Assuming a hypervisor that supports multiple smartcard devices in the > guest, this would be a valid XML description: This looks pretty reasonable, but is going to require additions to the security driver code. In the SetAllLabel method of the security drivers you'll need to iterate over all smartcards. > > <devices> > <smartcard mode='host'/> I guess there is some /dev/smartcard device that needs to be accessed and thus labelled here ? > <smartcard mode='host-certificates'> > <certificate>/path/to/cert1</certificate> > <certificate>/path/to/cert2</certificate> > <certificate>/path/to/cert3</certificate> > </smartcard> Those cert paths will all need labelling with the 'readonly' disk label. > <smartcard mode='passthrough' type='tcp'> > <source mode='connect' host='127.0.0.1' service='2001'/> > <protocol type='raw'/> > </smartcard> There's already a helper API for labelling chardev configs that can be used. > </devices> ACK for the patch Daniel -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list