On Fri, Jan 14, 2011 at 10:22:19AM -0700, Eric Blake wrote: > On 01/14/2011 05:24 AM, Daniel P. Berrange wrote: > > On Thu, Jan 13, 2011 at 05:34:35PM -0700, Eric Blake wrote: > >> Assuming a hypervisor that supports multiple smartcard devices in the > >> guest, this would be a valid XML description: > > > > This looks pretty reasonable, but is going to require additions > > to the security driver code. In the SetAllLabel method of the > > security drivers you'll need to iterate over all smartcards. > > Good catch. I'm working on that portion now. I've gone ahead and > pushed 1 and 2, given that they were straight ack and were preliminary > patches useful even without smartcard support. > > > > >> > >> <devices> > >> <smartcard mode='host'/> > > > > I guess there is some /dev/smartcard device that needs to > > be accessed and thus labelled here ? > > I'm not sure. Alon, since -device ccid-card-emulated makes qemu use NSS > to access the host's smartcard, do we need to add any particular > permissions to a device file to allow qemu access to the host device > (and if so, is it /dev/smartcard or something else on the host)? The host, in the non certificates backed card case, would have some smartcard reader device, I've tested using CCID devices (the same device I'm emulating), which is a USB device, so the device file in question is /dev/bus/usb/<busnum>/<devicenum> and qemu would need permissions to access that. There are serial port connected readers I think too, so /dev/ttyS*. How would you determine the exact files? you could maybe try to find out which devices NSS accesses? I'll try to find some command (maybe certutil) or example with NSS to access this information. > > > ACK for the patch > > Even though patch 3 is just docs, I'll hold off pushing this until I've > completed incorporating the security driver fixes as well. > > -- > Eric Blake eblake@xxxxxxxxxx +1-801-349-2682 > Libvirt virtualization library http://libvirt.org > -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list