mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 13:45:38 +00:00
qemu: stop passing -enable-fips to QEMU >= 5.2.0
Use of the -enable-fips option is being deprecated in QEMU >= 5.2.0. If FIPS compliance is required, QEMU must be built with libcrypt which will unconditionally enforce it. Thus there is no need for libvirt to pass -enable-fips to modern QEMU. Unfortunately there was never any way to probe for -enable-fips in the first instance, it was enabled by libvirt based on version number originally, and then later unconditionally enabled when libvirt dropped support for older QEMU. Similarly we now use a version number check to decide when to stop passing -enable-fips. Note that the qemu-5.2 capabilities are currently from the pre-release version and will be updated once qemu-5.2 is released. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrangé
Peter Krempa
parent
ca8f7b8a02
commit
7b1ed1cd73
@ -5155,6 +5155,13 @@ virQEMUCapsInitQMPVersionCaps(virQEMUCapsPtr qemuCaps)
|
||||
/* TCG couldn't be disabled nor queried until QEMU 2.10 */
|
||||
if (qemuCaps->version < 2010000)
|
||||
virQEMUCapsSet(qemuCaps, QEMU_CAPS_TCG);
|
||||
|
||||
/* -enable-fips is deprecated in QEMU 5.2.0, and QEMU
|
||||
* should be built with gcrypt to achieve FIPS compliance
|
||||
* automatically / implicitly
|
||||
*/
|
||||
if (qemuCaps->version < 5002000)
|
||||
virQEMUCapsSet(qemuCaps, QEMU_CAPS_ENABLE_FIPS);
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -1089,10 +1089,20 @@ qemuDiskConfigBlkdeviotuneEnabled(virDomainDiskDefPtr disk)
|
||||
* old QEMU new QEMU
|
||||
* FIPS enabled doesn't start VNC auth disabled
|
||||
* FIPS disabled/missing VNC auth enabled VNC auth enabled
|
||||
*
|
||||
* In QEMU 5.2.0, use of -enable-fips was deprecated. In scenarios
|
||||
* where FIPS is required, QEMU must be built against libgcrypt
|
||||
* which automatically enforces FIPS compliance.
|
||||
*/
|
||||
bool
|
||||
qemuCheckFips(void)
|
||||
qemuCheckFips(virDomainObjPtr vm)
|
||||
{
|
||||
qemuDomainObjPrivatePtr priv = vm->privateData;
|
||||
virQEMUCapsPtr qemuCaps = priv->qemuCaps;
|
||||
|
||||
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_ENABLE_FIPS))
|
||||
return false;
|
||||
|
||||
if (virFileExists("/proc/sys/crypto/fips_enabled")) {
|
||||
g_autofree char *buf = NULL;
|
||||
|
||||
|
||||
@ -214,7 +214,7 @@ qemuDiskConfigBlkdeviotuneEnabled(virDomainDiskDefPtr disk);
|
||||
|
||||
|
||||
bool
|
||||
qemuCheckFips(void);
|
||||
qemuCheckFips(virDomainObjPtr vm);
|
||||
|
||||
virJSONValuePtr qemuBuildHotpluggableCPUProps(const virDomainVcpuDef *vcpu)
|
||||
ATTRIBUTE_NONNULL(1);
|
||||
|
||||
@ -6512,7 +6512,7 @@ static char *qemuConnectDomainXMLToNative(virConnectPtr conn,
|
||||
goto cleanup;
|
||||
|
||||
if (!(cmd = qemuProcessCreatePretendCmdBuild(driver, vm, NULL,
|
||||
qemuCheckFips(), true, false)))
|
||||
qemuCheckFips(vm), true, false)))
|
||||
goto cleanup;
|
||||
|
||||
ret = virCommandToString(cmd, false);
|
||||
|
||||
@ -6901,7 +6901,7 @@ qemuProcessLaunch(virConnectPtr conn,
|
||||
incoming ? incoming->launchURI : NULL,
|
||||
snapshot, vmop,
|
||||
false,
|
||||
qemuCheckFips(),
|
||||
qemuCheckFips(vm),
|
||||
&nnicindexes, &nicindexes, 0)))
|
||||
goto cleanup;
|
||||
|
||||
|
||||
@ -62,6 +62,7 @@
|
||||
<flag name='kvm-pit-lost-tick-policy'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='pvpanic'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='usb-audio'/>
|
||||
<flag name='splash-timeout'/>
|
||||
|
||||
@ -65,6 +65,7 @@
|
||||
<flag name='kvm-pit-lost-tick-policy'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='pvpanic'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='spice-file-xfer-disable'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
|
||||
@ -66,6 +66,7 @@
|
||||
<flag name='kvm-pit-lost-tick-policy'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='pvpanic'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='spice-file-xfer-disable'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
|
||||
@ -68,6 +68,7 @@
|
||||
<flag name='kvm-pit-lost-tick-policy'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='pvpanic'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='spice-file-xfer-disable'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
|
||||
@ -50,6 +50,7 @@
|
||||
<flag name='virtio-mmio'/>
|
||||
<flag name='ich9-intel-hda'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
|
||||
@ -49,6 +49,7 @@
|
||||
<flag name='virtio-mmio'/>
|
||||
<flag name='ich9-intel-hda'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
|
||||
@ -31,6 +31,7 @@
|
||||
<flag name='drive-discard'/>
|
||||
<flag name='virtio-mmio'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
<flag name='change-backing-file'/>
|
||||
|
||||
@ -68,6 +68,7 @@
|
||||
<flag name='kvm-pit-lost-tick-policy'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='pvpanic'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='spice-file-xfer-disable'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
|
||||
@ -31,6 +31,7 @@
|
||||
<flag name='drive-discard'/>
|
||||
<flag name='virtio-mmio'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
<flag name='change-backing-file'/>
|
||||
|
||||
@ -68,6 +68,7 @@
|
||||
<flag name='kvm-pit-lost-tick-policy'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='pvpanic'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='spice-file-xfer-disable'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
|
||||
@ -50,6 +50,7 @@
|
||||
<flag name='virtio-mmio'/>
|
||||
<flag name='ich9-intel-hda'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
|
||||
@ -49,6 +49,7 @@
|
||||
<flag name='virtio-mmio'/>
|
||||
<flag name='ich9-intel-hda'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
|
||||
@ -31,6 +31,7 @@
|
||||
<flag name='drive-discard'/>
|
||||
<flag name='virtio-mmio'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
<flag name='change-backing-file'/>
|
||||
|
||||
@ -68,6 +68,7 @@
|
||||
<flag name='kvm-pit-lost-tick-policy'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='pvpanic'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='spice-file-xfer-disable'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
|
||||
@ -68,6 +68,7 @@
|
||||
<flag name='kvm-pit-lost-tick-policy'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='pvpanic'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='spice-file-xfer-disable'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
|
||||
@ -68,6 +68,7 @@
|
||||
<flag name='kvm-pit-lost-tick-policy'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='pvpanic'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='spice-file-xfer-disable'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
|
||||
@ -52,6 +52,7 @@
|
||||
<flag name='virtio-mmio'/>
|
||||
<flag name='ich9-intel-hda'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
|
||||
@ -49,6 +49,7 @@
|
||||
<flag name='virtio-mmio'/>
|
||||
<flag name='ich9-intel-hda'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
|
||||
@ -68,6 +68,7 @@
|
||||
<flag name='kvm-pit-lost-tick-policy'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='pvpanic'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='spice-file-xfer-disable'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
|
||||
@ -31,6 +31,7 @@
|
||||
<flag name='drive-discard'/>
|
||||
<flag name='virtio-mmio'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
<flag name='change-backing-file'/>
|
||||
|
||||
@ -68,6 +68,7 @@
|
||||
<flag name='kvm-pit-lost-tick-policy'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='pvpanic'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='spice-file-xfer-disable'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
|
||||
@ -31,6 +31,7 @@
|
||||
<flag name='drive-discard'/>
|
||||
<flag name='virtio-mmio'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
<flag name='change-backing-file'/>
|
||||
|
||||
@ -68,6 +68,7 @@
|
||||
<flag name='kvm-pit-lost-tick-policy'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='pvpanic'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='spice-file-xfer-disable'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
|
||||
@ -49,6 +49,7 @@
|
||||
<flag name='virtio-mmio'/>
|
||||
<flag name='ich9-intel-hda'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
|
||||
@ -31,6 +31,7 @@
|
||||
<flag name='drive-discard'/>
|
||||
<flag name='virtio-mmio'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
<flag name='change-backing-file'/>
|
||||
|
||||
@ -68,6 +68,7 @@
|
||||
<flag name='kvm-pit-lost-tick-policy'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='pvpanic'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='spice-file-xfer-disable'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
|
||||
@ -48,6 +48,7 @@
|
||||
<flag name='usb-storage.removable'/>
|
||||
<flag name='ich9-intel-hda'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
|
||||
@ -21,6 +21,7 @@
|
||||
<flag name='drive-discard'/>
|
||||
<flag name='virtio-mmio'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
<flag name='change-backing-file'/>
|
||||
|
||||
@ -21,6 +21,7 @@
|
||||
<flag name='drive-discard'/>
|
||||
<flag name='virtio-mmio'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
<flag name='change-backing-file'/>
|
||||
|
||||
@ -32,6 +32,7 @@
|
||||
<flag name='mem-merge'/>
|
||||
<flag name='drive-discard'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
<flag name='change-backing-file'/>
|
||||
|
||||
@ -67,6 +67,7 @@
|
||||
<flag name='kvm-pit-lost-tick-policy'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='pvpanic'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='spice-file-xfer-disable'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
|
||||
@ -49,6 +49,7 @@
|
||||
<flag name='usb-storage.removable'/>
|
||||
<flag name='ich9-intel-hda'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
|
||||
@ -67,6 +67,7 @@
|
||||
<flag name='kvm-pit-lost-tick-policy'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='pvpanic'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='spice-file-xfer-disable'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
|
||||
@ -52,6 +52,7 @@
|
||||
<flag name='virtio-mmio'/>
|
||||
<flag name='ich9-intel-hda'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
|
||||
@ -51,6 +51,7 @@
|
||||
<flag name='usb-storage.removable'/>
|
||||
<flag name='ich9-intel-hda'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
|
||||
@ -55,6 +55,7 @@
|
||||
<flag name='virtio-mmio'/>
|
||||
<flag name='ich9-intel-hda'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='spice-file-xfer-disable'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
|
||||
@ -55,6 +55,7 @@
|
||||
<flag name='virtio-mmio'/>
|
||||
<flag name='ich9-intel-hda'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='spice-file-xfer-disable'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
|
||||
@ -32,6 +32,7 @@
|
||||
<flag name='mem-merge'/>
|
||||
<flag name='drive-discard'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
<flag name='change-backing-file'/>
|
||||
|
||||
@ -67,6 +67,7 @@
|
||||
<flag name='kvm-pit-lost-tick-policy'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='pvpanic'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='spice-file-xfer-disable'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
|
||||
@ -67,6 +67,7 @@
|
||||
<flag name='kvm-pit-lost-tick-policy'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='pvpanic'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='spice-file-xfer-disable'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
|
||||
@ -52,6 +52,7 @@
|
||||
<flag name='virtio-mmio'/>
|
||||
<flag name='ich9-intel-hda'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
|
||||
@ -51,6 +51,7 @@
|
||||
<flag name='usb-storage.removable'/>
|
||||
<flag name='ich9-intel-hda'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
|
||||
@ -32,6 +32,7 @@
|
||||
<flag name='mem-merge'/>
|
||||
<flag name='drive-discard'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
<flag name='change-backing-file'/>
|
||||
|
||||
@ -68,6 +68,7 @@
|
||||
<flag name='kvm-pit-lost-tick-policy'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='pvpanic'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='spice-file-xfer-disable'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
|
||||
@ -54,6 +54,7 @@
|
||||
<flag name='virtio-mmio'/>
|
||||
<flag name='ich9-intel-hda'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
|
||||
@ -52,6 +52,7 @@
|
||||
<flag name='usb-storage.removable'/>
|
||||
<flag name='ich9-intel-hda'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
<flag name='active-commit'/>
|
||||
|
||||
@ -55,6 +55,7 @@
|
||||
<flag name='virtio-mmio'/>
|
||||
<flag name='ich9-intel-hda'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='spice-file-xfer-disable'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
|
||||
@ -68,6 +68,7 @@
|
||||
<flag name='kvm-pit-lost-tick-policy'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='pvpanic'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='spice-file-xfer-disable'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
|
||||
@ -68,6 +68,7 @@
|
||||
<flag name='kvm-pit-lost-tick-policy'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='pvpanic'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='spice-file-xfer-disable'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
|
||||
@ -68,6 +68,7 @@
|
||||
<flag name='kvm-pit-lost-tick-policy'/>
|
||||
<flag name='boot-strict'/>
|
||||
<flag name='pvpanic'/>
|
||||
<flag name='enable-fips'/>
|
||||
<flag name='spice-file-xfer-disable'/>
|
||||
<flag name='usb-kbd'/>
|
||||
<flag name='msg-timestamp'/>
|
||||
|
||||
@ -399,6 +399,7 @@ testCompareXMLToArgvCreateArgs(virQEMUDriverPtr drv,
|
||||
unsigned int flags,
|
||||
bool jsonPropsValidation)
|
||||
{
|
||||
qemuDomainObjPrivatePtr priv = vm->privateData;
|
||||
bool enableFips = !!(flags & FLAG_FIPS_HOST);
|
||||
size_t i;
|
||||
|
||||
@ -489,6 +490,10 @@ testCompareXMLToArgvCreateArgs(virQEMUDriverPtr drv,
|
||||
}
|
||||
}
|
||||
|
||||
/* we can't use qemuCheckFips() directly as it queries host state */
|
||||
if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_ENABLE_FIPS))
|
||||
enableFips = false;
|
||||
|
||||
return qemuProcessCreatePretendCmdBuild(drv, vm, migrateURI,
|
||||
enableFips, false,
|
||||
jsonPropsValidation);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user