Re: [libvirt] [PATCH v3 08/14] qemu: Extend qemu_conf with tpm-emulator support

2018-05-09 Thread Stefan Berger

On 05/08/2018 04:30 PM, John Ferlan wrote:


On 05/04/2018 04:21 PM, Stefan Berger wrote:

Extend qemu_conf with user and group for running the tpm-emulator
and add directories to the configuration for the locations of the
log, state, and socket of the tpm-emulator.

Signed-off-by: Stefan Berger 
---
  src/qemu/libvirtd_qemu.aug |  5 +
  src/qemu/qemu.conf |  8 +++
  src/qemu/qemu_conf.c   | 43 ++
  src/qemu/qemu_conf.h   |  6 ++
  src/qemu/test_libvirtd_qemu.aug.in |  2 ++
  5 files changed, 64 insertions(+)


I think you'd need to also alter libvirt.spec.in since you're adding new
directories... That's one of those make rpm type activities IIRC.


Adding that to this patch.




diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index c19bf3a..23bfe67 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -118,6 +118,9 @@ module Libvirtd_qemu =
 let vxhs_entry = bool_entry "vxhs_tls"
   | str_entry "vxhs_tls_x509_cert_dir"
  
+   let swtpm_user_entry = str_entry "swtpm_user"

+   let swtpm_group_entry = str_entry "swtpm_group"
+
 (* Each entry in the config is one of the following ... *)
 let entry = default_tls_entry
   | vnc_entry
@@ -137,6 +140,8 @@ module Libvirtd_qemu =
   | gluster_debug_level_entry
   | memory_entry
   | vxhs_entry
+ | swtpm_user_entry
+ | swtpm_group_entry
  
 let comment = [ label "#comment" . del /#[ \t]*/ "# " .  store /([^ \t\n][^\n]*)?/ . del /\n/ "\n" ]

 let empty = [ label "#empty" . eol ]
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 3444185..26a6dc7 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -779,3 +779,11 @@
  # This directory is used for memoryBacking source if configured as file.
  # NOTE: big files will be stored here
  #memory_backing_dir = "/var/lib/libvirt/qemu/ram"
+
+# User for the swtpm TPM Emulator
+#
+# Default is 'tss'; this is the same user that tcsd (TrouSerS) installs
+# and uses; alternative is 'root'
+#
+#swtpm_user = "tss"
+#swtpm_group = "tss"
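Review bot: The new comment block explains only `swtpm_user`; `swtpm_group` appears with a default but no description, and nothing tells the administrator what happens when the 'tss' account is absent, which the qemu_conf.c hunk in this same patch resolves for the built-in default by running the emulator as root (what the loader does for a configured value is outside the hunks on this page). The person editing this file is the one who needs that fact. Suggest a `# Group for the swtpm TPM Emulator` heading above `#swtpm_group` and a line such as `# If the 'tss' account does not exist, libvirt falls back to root (uid/gid 0).`. The same block is quoted again in the two later messages on this page.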
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index bfbb572..99c37c6 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -159,6 +159,10 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool 
privileged)
  "%s/log/libvirt/qemu", LOCALSTATEDIR) < 0)
  goto error;
  
+if (virAsprintf(>swtpmLogDir,

+"%s/log/swtpm/libvirt/qemu", LOCALSTATEDIR) < 0)
+goto error;
+
  if (VIR_STRDUP(cfg->configBaseDir, SYSCONFDIR "/libvirt") < 0)
  goto error;
  
@@ -166,6 +170,10 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)

"%s/run/libvirt/qemu", LOCALSTATEDIR) < 0)
  goto error;
  
+if (virAsprintf(>swtpmStateDir,

+   "%s/run/libvirt/qemu/swtpm", LOCALSTATEDIR) < 0)
+goto error;
+
  if (virAsprintf(>cacheDir,
"%s/cache/libvirt/qemu", LOCALSTATEDIR) < 0)
  goto error;
@@ -186,6 +194,13 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool 
privileged)
  goto error;
  if (virAsprintf(>memoryBackingDir, "%s/ram", cfg->libDir) < 0)
  goto error;
+if (virAsprintf(>swtpmStorageDir, "%s/lib/libvirt/swtpm",
+LOCALSTATEDIR) < 0)
+goto error;
+if (virGetUserID("tss", >swtpm_user) < 0)
+cfg->swtpm_user = 0; /* fall back to root */
+if (virGetGroupID("tss", >swtpm_group) < 0)
+cfg->swtpm_group = 0; /* fall back to root */
  } else {
  char *rundir;
  char *cachedir;
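Review bot: The fallback `cfg->swtpm_user = 0; /* fall back to root */` taken when `virGetUserID("tss", ...)` fails is silent, so a privileged libvirtd on a host without the 'tss' account will launch swtpm as root with nothing in the log to show it; the group lookup two lines below has the same shape. Since running the emulator as root is exactly the least-privilege failure this option exists to avoid, the fallback should at least be logged, e.g. `VIR_WARN("user 'tss' not found, swtpm will run as root");` before the assignment, and likewise for the group. If virGetUserID already reports an error for an unknown name (I believe it does, but cannot confirm from this hunk), continuing after it also leaves that error pending in the thread's error state. The `>swtpm_user` operands are presumably `&cfg->swtpm_user` with `&cfg` lost in the archive rendering, not a code defect. This hunk is quoted again in the two later messages on this page, and the enclosing virQEMUDriverConfigNew starts and ends outside it.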
@@ -199,6 +214,11 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool 
privileged)
  VIR_FREE(cachedir);
  goto error;
  }
+if (virAsprintf(>swtpmLogDir,
+"%s/qemu/log", cachedir) < 0) {

Is it intentionally the same as ->logDir?  Or did you want to have its
own?  Doesn't matter to me - just asking.


Yes. Permissions are not an issue in this case while in the privileged 
case I had to put the swtpm logs elsewhere due to file permissions.





+VIR_FREE(cachedir);
+goto error;
+}
  if (virAsprintf(>cacheDir, "%s/qemu/cache", cachedir) < 0) {
  VIR_FREE(cachedir);
  goto error;
@@ -214,6 +234,9 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool 
privileged)
  }
  VIR_FREE(rundir);
  
+if (virAsprintf(>swtpmStateDir, "%s/swtpm", cfg->stateDir) < 0)

+goto error;
+

This one has its own...  although I wonder if it should be swtpm/run to
mimic cfg->stateDir


If 'run' implies that the directory can be deleted, like seems to be 

Re: [libvirt] [PATCH v3 08/14] qemu: Extend qemu_conf with tpm-emulator support

2018-05-08 Thread John Ferlan


On 05/04/2018 04:21 PM, Stefan Berger wrote:
> Extend qemu_conf with user and group for running the tpm-emulator
> and add directories to the configuration for the locations of the
> log, state, and socket of the tpm-emulator.
> 
> Signed-off-by: Stefan Berger 
> ---
>  src/qemu/libvirtd_qemu.aug |  5 +
>  src/qemu/qemu.conf |  8 +++
>  src/qemu/qemu_conf.c   | 43 
> ++
>  src/qemu/qemu_conf.h   |  6 ++
>  src/qemu/test_libvirtd_qemu.aug.in |  2 ++
>  5 files changed, 64 insertions(+)
> 

I think you'd need to also alter libvirt.spec.in since you're adding new
directories... That's one of those make rpm type activities IIRC.

> diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
> index c19bf3a..23bfe67 100644
> --- a/src/qemu/libvirtd_qemu.aug
> +++ b/src/qemu/libvirtd_qemu.aug
> @@ -118,6 +118,9 @@ module Libvirtd_qemu =
> let vxhs_entry = bool_entry "vxhs_tls"
>   | str_entry "vxhs_tls_x509_cert_dir"
>  
> +   let swtpm_user_entry = str_entry "swtpm_user"
> +   let swtpm_group_entry = str_entry "swtpm_group"
> +
> (* Each entry in the config is one of the following ... *)
> let entry = default_tls_entry
>   | vnc_entry
> @@ -137,6 +140,8 @@ module Libvirtd_qemu =
>   | gluster_debug_level_entry
>   | memory_entry
>   | vxhs_entry
> + | swtpm_user_entry
> + | swtpm_group_entry
>  
> let comment = [ label "#comment" . del /#[ \t]*/ "# " .  store /([^ 
> \t\n][^\n]*)?/ . del /\n/ "\n" ]
> let empty = [ label "#empty" . eol ]
> diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
> index 3444185..26a6dc7 100644
> --- a/src/qemu/qemu.conf
> +++ b/src/qemu/qemu.conf
> @@ -779,3 +779,11 @@
>  # This directory is used for memoryBacking source if configured as file.
>  # NOTE: big files will be stored here
>  #memory_backing_dir = "/var/lib/libvirt/qemu/ram"
> +
> +# User for the swtpm TPM Emulator
> +#
> +# Default is 'tss'; this is the same user that tcsd (TrouSerS) installs
> +# and uses; alternative is 'root'
> +#
> +#swtpm_user = "tss"
> +#swtpm_group = "tss"
> diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
> index bfbb572..99c37c6 100644
> --- a/src/qemu/qemu_conf.c
> +++ b/src/qemu/qemu_conf.c
> @@ -159,6 +159,10 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool 
> privileged)
>  "%s/log/libvirt/qemu", LOCALSTATEDIR) < 0)
>  goto error;
>  
> +if (virAsprintf(>swtpmLogDir,
> +"%s/log/swtpm/libvirt/qemu", LOCALSTATEDIR) < 0)
> +goto error;
> +
>  if (VIR_STRDUP(cfg->configBaseDir, SYSCONFDIR "/libvirt") < 0)
>  goto error;
>  
> @@ -166,6 +170,10 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool 
> privileged)
>"%s/run/libvirt/qemu", LOCALSTATEDIR) < 0)
>  goto error;
>  
> +if (virAsprintf(>swtpmStateDir,
> +   "%s/run/libvirt/qemu/swtpm", LOCALSTATEDIR) < 0)
> +goto error;
> +
>  if (virAsprintf(>cacheDir,
>"%s/cache/libvirt/qemu", LOCALSTATEDIR) < 0)
>  goto error;
> @@ -186,6 +194,13 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool 
> privileged)
>  goto error;
>  if (virAsprintf(>memoryBackingDir, "%s/ram", cfg->libDir) < 0)
>  goto error;
> +if (virAsprintf(>swtpmStorageDir, "%s/lib/libvirt/swtpm",
> +LOCALSTATEDIR) < 0)
> +goto error;
> +if (virGetUserID("tss", >swtpm_user) < 0)
> +cfg->swtpm_user = 0; /* fall back to root */
> +if (virGetGroupID("tss", >swtpm_group) < 0)
> +cfg->swtpm_group = 0; /* fall back to root */
>  } else {
>  char *rundir;
>  char *cachedir;
> @@ -199,6 +214,11 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool 
> privileged)
>  VIR_FREE(cachedir);
>  goto error;
>  }
> +if (virAsprintf(>swtpmLogDir,
> +"%s/qemu/log", cachedir) < 0) {

Is it intentionally the same as ->logDir?  Or did you want to have its
own?  Doesn't matter to me - just asking.

> +VIR_FREE(cachedir);
> +goto error;
> +}
>  if (virAsprintf(>cacheDir, "%s/qemu/cache", cachedir) < 0) {
>  VIR_FREE(cachedir);
>  goto error;
> @@ -214,6 +234,9 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool 
> privileged)
>  }
>  VIR_FREE(rundir);
>  
> +if (virAsprintf(>swtpmStateDir, "%s/swtpm", cfg->stateDir) < 0)
> +goto error;
> +

This one has its own...  although I wonder if it should be swtpm/run to
mimic cfg->stateDir

>  if (!(cfg->configBaseDir = virGetUserConfigDirectory()))
>  goto error;
>  
> @@ 

[libvirt] [PATCH v3 08/14] qemu: Extend qemu_conf with tpm-emulator support

2018-05-04 Thread Stefan Berger
Extend qemu_conf with user and group for running the tpm-emulator
and add directories to the configuration for the locations of the
log, state, and socket of the tpm-emulator.

Signed-off-by: Stefan Berger 
---
 src/qemu/libvirtd_qemu.aug |  5 +
 src/qemu/qemu.conf |  8 +++
 src/qemu/qemu_conf.c   | 43 ++
 src/qemu/qemu_conf.h   |  6 ++
 src/qemu/test_libvirtd_qemu.aug.in |  2 ++
 5 files changed, 64 insertions(+)

diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index c19bf3a..23bfe67 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -118,6 +118,9 @@ module Libvirtd_qemu =
let vxhs_entry = bool_entry "vxhs_tls"
  | str_entry "vxhs_tls_x509_cert_dir"
 
+   let swtpm_user_entry = str_entry "swtpm_user"
+   let swtpm_group_entry = str_entry "swtpm_group"
+
(* Each entry in the config is one of the following ... *)
let entry = default_tls_entry
  | vnc_entry
@@ -137,6 +140,8 @@ module Libvirtd_qemu =
  | gluster_debug_level_entry
  | memory_entry
  | vxhs_entry
+ | swtpm_user_entry
+ | swtpm_group_entry
 
let comment = [ label "#comment" . del /#[ \t]*/ "# " .  store /([^ 
\t\n][^\n]*)?/ . del /\n/ "\n" ]
let empty = [ label "#empty" . eol ]
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 3444185..26a6dc7 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -779,3 +779,11 @@
 # This directory is used for memoryBacking source if configured as file.
 # NOTE: big files will be stored here
 #memory_backing_dir = "/var/lib/libvirt/qemu/ram"
+
+# User for the swtpm TPM Emulator
+#
+# Default is 'tss'; this is the same user that tcsd (TrouSerS) installs
+# and uses; alternative is 'root'
+#
+#swtpm_user = "tss"
+#swtpm_group = "tss"
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index bfbb572..99c37c6 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -159,6 +159,10 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool 
privileged)
 "%s/log/libvirt/qemu", LOCALSTATEDIR) < 0)
 goto error;
 
+if (virAsprintf(>swtpmLogDir,
+"%s/log/swtpm/libvirt/qemu", LOCALSTATEDIR) < 0)
+goto error;
+
 if (VIR_STRDUP(cfg->configBaseDir, SYSCONFDIR "/libvirt") < 0)
 goto error;
 
@@ -166,6 +170,10 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool 
privileged)
   "%s/run/libvirt/qemu", LOCALSTATEDIR) < 0)
 goto error;
 
+if (virAsprintf(>swtpmStateDir,
+   "%s/run/libvirt/qemu/swtpm", LOCALSTATEDIR) < 0)
+goto error;
+
 if (virAsprintf(>cacheDir,
   "%s/cache/libvirt/qemu", LOCALSTATEDIR) < 0)
 goto error;
@@ -186,6 +194,13 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool 
privileged)
 goto error;
 if (virAsprintf(>memoryBackingDir, "%s/ram", cfg->libDir) < 0)
 goto error;
+if (virAsprintf(>swtpmStorageDir, "%s/lib/libvirt/swtpm",
+LOCALSTATEDIR) < 0)
+goto error;
+if (virGetUserID("tss", >swtpm_user) < 0)
+cfg->swtpm_user = 0; /* fall back to root */
+if (virGetGroupID("tss", >swtpm_group) < 0)
+cfg->swtpm_group = 0; /* fall back to root */
 } else {
 char *rundir;
 char *cachedir;
@@ -199,6 +214,11 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool 
privileged)
 VIR_FREE(cachedir);
 goto error;
 }
+if (virAsprintf(>swtpmLogDir,
+"%s/qemu/log", cachedir) < 0) {
+VIR_FREE(cachedir);
+goto error;
+}
 if (virAsprintf(>cacheDir, "%s/qemu/cache", cachedir) < 0) {
 VIR_FREE(cachedir);
 goto error;
@@ -214,6 +234,9 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool 
privileged)
 }
 VIR_FREE(rundir);
 
+if (virAsprintf(>swtpmStateDir, "%s/swtpm", cfg->stateDir) < 0)
+goto error;
+
 if (!(cfg->configBaseDir = virGetUserConfigDirectory()))
 goto error;
 
@@ -233,6 +256,10 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool 
privileged)
 goto error;
 if (virAsprintf(>memoryBackingDir, "%s/qemu/ram", 
cfg->configBaseDir) < 0)
 goto error;
+if (virAsprintf(>swtpmStorageDir, "%s/qemu/swtpm", 
cfg->configBaseDir) < 0)
+goto error;
+cfg->swtpm_user = -1;
+cfg->swtpm_group = -1;
 }
 
 if (virAsprintf(>configDir, "%s/qemu", cfg->configBaseDir) < 0)
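Review bot: `cfg->swtpm_user = -1;` and `cfg->swtpm_group = -1;` in the unprivileged branch carry no comment, whereas the privileged branch annotates its fallback to 0; the two branches now use different sentinels for "no dedicated account", and the field type lives in qemu_conf.h, outside this page, so whether -1 is meant as `(uid_t)-1` ("leave unchanged") cannot be seen here. Suggest a comment on the first of the two lines, e.g. `/* session mode: swtpm runs as the libvirtd user itself, no uid/gid switch */`, adjusted to whatever the launcher actually does with -1. The enclosing virQEMUDriverConfigNew starts and ends outside this hunk.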
@@ -351,7 +378,9 @@ static void virQEMUDriverConfigDispose(void *obj)
 VIR_FREE(cfg->configDir);
 VIR_FREE(cfg->autostartDir);
 VIR_FREE(cfg->logDir);
+