On 12/17/13 19:36, Eric Blake wrote: > On a system that is enforcing FIPS, most libraries honor the > current mode by default. Qemu, on the other hand, refused to > honor FIPS mode unless you add the '-enable-fips' command > line option; worse, this option is not discoverable via QMP, > and is only present on binaries built for Linux. So, if we > detect FIPS mode, then we unconditionally ask for FIPS; either > qemu is new enough to have the option and then correctly > cripple insecure VNC passwords, or it is so old that we are > correctly avoiding a FIPS violation by preventing qemu from > starting. Meanwhile, if we don't detect FIPS mode, then > omitting the argument is safe whether the qemu has the option > (but it would do nothing because FIPS is disabled) or whether > qemu lacks the option (including in the case where we are not > running on Linux). > > The testsuite was a bit interesting: we don't want our test > to depend on whether it is being run in FIPS mode, so I had > to tweak things to set the capability bit outside of our > normal interaction with capability parsing. > > This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1035474 > > * src/qemu/qemu_capabilities.h (QEMU_CAPS_ENABLE_FIPS): New bit. > * src/qemu/qemu_capabilities.c (virQEMUCapsInitQMP): Conditionally > set capability according to detection of FIPS mode. > * src/qemu/qemu_command.c (qemuBuildCommandLine): Use it. > * tests/qemucapabilitiestest.c (testQemuCaps): Conditionally set > capability to test expected output. > * tests/qemucapabilitiesdata/caps_1.2.2-1.caps: Update list. > * tests/qemucapabilitiesdata/caps_1.6.0-1.caps: Likewise. > > Signed-off-by: Eric Blake <eblake@xxxxxxxxxx> > --- > > v3: use virFileReadAll correctly > > src/qemu/qemu_capabilities.c | 27 ++++++++++++++++++++++++++- > src/qemu/qemu_capabilities.h | 1 + > src/qemu/qemu_command.c | 2 ++ > tests/qemucapabilitiesdata/caps_1.2.2-1.caps | 1 + > tests/qemucapabilitiesdata/caps_1.6.0-1.caps | 1 + > tests/qemucapabilitiestest.c | 20 +++++++++++++++----- > 6 files changed, 46 insertions(+), 6 deletions(-) ACK. I verified that the detection works correctly when the file is present and contains the expected data. Peter
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list