[PATCHv3 0/5] smartcard: round 3

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This series has hopefully taken into account all the feedback from v2
(https://www.redhat.com/archives/libvir-list/2011-January/msg00608.html).

Major changes:
 - enhance the XML to support optional ccid <controller> (missing
controllers are added according to <address> elements) and optional
<address> per smartcard (missing address assume the next available
port on controller 0)
 - enhance the XML to support an optional <source dev='/path'/> for
host mode. For now, this path is only used in SELinux labeling; I
suspect that this needs more work, since the point is that a single
device in the host should be shared among the NSS implementation of
multiple guests (so labeling the host device to belong to a single
guest is wrong); but fixing it correctly requires a better
understanding of what NSS actually needs to access, as well as
possibly modifying qemu's smartcard implementation to take the
host device either as a pathname or even as an already-opened fd.
 - enhance the XML to support an optional <database> element for
host-certificates mode.
 - enhance the qemu command line to fully populate all parameters,
rather than the bare minimum defaults, and reflect that in the tests.

It requires this pre-requisite patch for qemu -chardev aliases:
https://www.redhat.com/archives/libvir-list/2011-January/msg01032.html

Eric Blake (5):
  smartcard: add XML support for <smartcard> device
  smartcard: add domain conf support
  smartcard: check for qemu capability
  smartcard: enable SELinux support
  smartcard: turn on qemu support

 cfg.mk                                             |    1 +
 docs/formatdomain.html.in                          |   95 +++++-
 docs/schemas/domain.rng                            |   73 ++++
 src/conf/domain_conf.c                             |  396 +++++++++++++++++++-
 src/conf/domain_conf.h                             |   53 +++-
 src/libvirt_private.syms                           |    4 +
 src/qemu/qemu_capabilities.c                       |    2 +
 src/qemu/qemu_capabilities.h                       |    1 +
 src/qemu/qemu_command.c                            |   90 +++++-
 src/security/security_selinux.c                    |   94 +++++
 .../qemuxml2argv-smartcard-controller.args         |    1 +
 .../qemuxml2argv-smartcard-controller.xml          |   20 +
 .../qemuxml2argv-smartcard-host-certificates.args  |    1 +
 .../qemuxml2argv-smartcard-host-certificates.xml   |   20 +
 .../qemuxml2argv-smartcard-host.args               |    1 +
 .../qemuxml2argv-smartcard-host.xml                |   16 +
 .../qemuxml2argv-smartcard-passthrough-tcp.args    |    1 +
 .../qemuxml2argv-smartcard-passthrough-tcp.xml     |   19 +
 tests/qemuxml2argvtest.c                           |   13 +
 19 files changed, 887 insertions(+), 14 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-controller.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-controller.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-host-certificates.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-host-certificates.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-host.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-host.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-passthrough-tcp.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-passthrough-tcp.xml

-- 
1.7.3.5

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]