On Mon, Jan 31, 2011 at 04:33:46PM -0700, Eric Blake wrote: > On 01/26/2011 11:29 AM, Alon Levy wrote: > > yes, the db is a directory name, treated as normal (can be absolute or relative > > to cwd, I don't check, just feed it to NSS). > > From qemu's point of view, it can be relative; but how does a libvirt > user know what directory libvirt will be running in? Hence in the xml > we might as well enforce that it be absolute, with no loss of > functionality (and gui wrappers around libvirt can use typical file > browser windows to allow relative browsing to locate such a directory). > > > It defaults to /etc/pki/nssdb: > > (certutil needs an argument, we have it #defined: > > hw/ccid-card-emulated.c:#define CERTIFICATES_DEFAULT_DB "/etc/pki/nssdb" > > Okay, I'll add that same default to libvirt. > > >> Should we also have 'database' for the 'host' mode if we need one ? > > Yes, without it the usage of certificates is limited to the default certificate > > store, and if anyone wants to run multiple qemu's with different certificates they > > may want to put them into different dbs. > > Does qemu accept -device ccid-card-emulated,backend=nss-emulated,db=xyz? > No, the db is only for backend=certificates, I thought that's what we were talking about. > That is, if NSS is using a host USB device, then I don't see what the > use is of providing a database directory in that case. It isn't, see above. > > I don't see a need to add a <database> subelement to mode='host' in the > XML right now; we can leave that as a future enhancement to the XML > without affecting this patch. I'm more worried that this patch does > _not_ include anything that doesn't make sense, than I am about adding > more later if we find we missed something. As long as you are talking about host mode not needing db I'm with you. But certificates mode (i.e. -device ccid-card-emulated,backend=certificates) does. > > -- > Eric Blake eblake@xxxxxxxxxx +1-801-349-2682 > Libvirt virtualization library http://libvirt.org > -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list