Re: [RFC PATCHv2 3/5] smartcard: add XML support for <smartcard> device

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Jan 15, 2011 at 02:37:33PM +0200, Alon Levy wrote:
> On Fri, Jan 14, 2011 at 10:22:19AM -0700, Eric Blake wrote:
> > On 01/14/2011 05:24 AM, Daniel P. Berrange wrote:
> > > On Thu, Jan 13, 2011 at 05:34:35PM -0700, Eric Blake wrote:
> > >> Assuming a hypervisor that supports multiple smartcard devices in the
> > >> guest, this would be a valid XML description:
> > > 
> > > This looks pretty reasonable, but is going to require additions
> > > to the security driver code. In the SetAllLabel method of the
> > > security drivers you'll need to iterate over all smartcards.
> > 
> > Good catch.  I'm working on that portion now.  I've gone ahead and
> > pushed 1 and 2, given that they were straight ack and were preliminary
> > patches useful even without smartcard support.
> > 
> > > 
> > >>
> > >> <devices>
> > >>   <smartcard mode='host'/>
> > > 
> > > I guess there is some /dev/smartcard device that needs to
> > > be accessed and thus labelled here ?
> > 
> > I'm not sure.  Alon, since -device ccid-card-emulated makes qemu use NSS
> > to access the host's smartcard, do we need to add any particular
> > permissions to a device file to allow qemu access to the host device
> > (and if so, is it /dev/smartcard or something else on the host)?
> 
> The host, in the non certificates backed card case, would have some smartcard
> reader device, I've tested using CCID devices (the same device I'm emulating),
> which is a USB device, so the device file in question is /dev/bus/usb/<busnum>/<devicenum>
> and qemu would need permissions to access that. There are serial port connected
> readers I think too, so /dev/ttyS*. How would you determine the exact files?
> you could maybe try to find out which devices NSS accesses? I'll try to
> find some command (maybe certutil) or example with NSS to access this information.

Yes, how do you tell NSS which USB device to use ? QEMU/NSS will certainly
*not* be allowed to scan the USB bus to find a device itself. So it seems
like the XML config should let the application explicitly include a path
/dev/usb/$BUS/$DEV which is explicitly passed to QEMU.

Regards,
Daniel

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]