On 01/26/2011 11:29 AM, Alon Levy wrote: > yes, the db is a directory name, treated as normal (can be absolute or relative > to cwd, I don't check, just feed it to NSS). From qemu's point of view, it can be relative; but how does a libvirt user know what directory libvirt will be running in? Hence in the xml we might as well enforce that it be absolute, with no loss of functionality (and gui wrappers around libvirt can use typical file browser windows to allow relative browsing to locate such a directory). > It defaults to /etc/pki/nssdb: > (certutil needs an argument, we have it #defined: > hw/ccid-card-emulated.c:#define CERTIFICATES_DEFAULT_DB "/etc/pki/nssdb" Okay, I'll add that same default to libvirt. >> Should we also have 'database' for the 'host' mode if we need one ? > Yes, without it the usage of certificates is limited to the default certificate > store, and if anyone wants to run multiple qemu's with different certificates they > may want to put them into different dbs. Does qemu accept -device ccid-card-emulated,backend=nss-emulated,db=xyz? That is, if NSS is using a host USB device, then I don't see what the use is of providing a database directory in that case. I don't see a need to add a <database> subelement to mode='host' in the XML right now; we can leave that as a future enhancement to the XML without affecting this patch. I'm more worried that this patch does _not_ include anything that doesn't make sense, than I am about adding more later if we find we missed something. -- Eric Blake eblake@xxxxxxxxxx +1-801-349-2682 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list