qemu: Extend qemu_conf with tpm-emulator support
Extend qemu_conf with user and group for running the tpm-emulator and add directories to the configuration for the locations of the log, state, and socket of the tpm-emulator. Also add these new directories to the QEMU Makefile.inc.am and the RPM spec file libvirt.spec.in. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: John Ferlan <jferlan@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
parent
a21c45c41d
commit
d9c087f57d
@ -1911,6 +1911,8 @@ exit 0
|
||||
%{_datadir}/augeas/lenses/libvirtd_qemu.aug
|
||||
%{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug
|
||||
%{_libdir}/%{name}/connection-driver/libvirt_driver_qemu.so
|
||||
%dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/swtpm/
|
||||
%dir %attr(0711, root, root) %{_localstatedir}/log/swtpm/libvirt/qemu/
|
||||
%endif
|
||||
|
||||
%if %{with_lxc}
|
||||
|
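Review bot: The two added `%dir` lines pin owner and mode only for the leaf directories, so the intermediate `%{_localstatedir}/log/swtpm/` and `%{_localstatedir}/log/swtpm/libvirt/` stay unowned by this package unless something outside this hunk declares them. Their permissions would then depend on whatever creates them first, which is worth pinning for a path that holds TPM emulator logs; consider adding `%dir %attr(0711, root, root) %{_localstatedir}/log/swtpm/libvirt/` (and the parent, if no other package owns it). Both leaves are root:root while the default emulator account elsewhere in this commit is 'tss', so a short comment above them saying that per-VM subdirectories are expected to be created and handed to the swtpm user at runtime would record the intent; that expectation is inferred, not visible here.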
@ -129,12 +129,18 @@ install-data-qemu:
|
||||
$(MKDIR_P) "$(DESTDIR)$(localstatedir)/run/libvirt/qemu"
|
||||
$(MKDIR_P) "$(DESTDIR)$(localstatedir)/cache/libvirt/qemu"
|
||||
$(MKDIR_P) "$(DESTDIR)$(localstatedir)/log/libvirt/qemu"
|
||||
$(MKDIR_P) "$(DESTDIR)$(localstatedir)/lib/libvirt/swtpm"
|
||||
$(MKDIR_P) "$(DESTDIR)$(localstatedir)/run/libvirt/qemu/swtpm"
|
||||
$(MKDIR_P) "$(DESTDIR)$(localstatedir)/log/swtpm/libvirt/qemu"
|
||||
|
||||
uninstall-data-qemu:
|
||||
rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/qemu" ||:
|
||||
rmdir "$(DESTDIR)$(localstatedir)/run/libvirt/qemu" ||:
|
||||
rmdir "$(DESTDIR)$(localstatedir)/cache/libvirt/qemu" ||:
|
||||
rmdir "$(DESTDIR)$(localstatedir)/log/libvirt/qemu" ||:
|
||||
rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/swtpm"
|
||||
rmdir "$(DESTDIR)$(localstatedir)/run/libvirt/qemu/swtpm" ||:
|
||||
rmdir "$(DESTDIR)$(localstatedir)/log/swtpm/libvirt/qemu" ||:
|
||||
|
||||
endif WITH_QEMU
|
||||
|
||||
|
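Review bot: In `uninstall-data-qemu` the new `rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/swtpm"` line is the only one without the trailing `||:`, so uninstall aborts as soon as that directory still holds persistent TPM state; it should read `rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/swtpm" ||:` like its siblings. The new `run/libvirt/qemu/swtpm` removal is also placed after the existing `rmdir` of its parent `run/libvirt/qemu`, so the parent removal now always fails (silently) because the child still exists; moving the swtpm line above it fixes that. The `$(MKDIR_P)` lines create the directories with the installer's umask, whereas the spec file uses 0711; an explicit mode in the install target, or a comment that packagers must set it, would keep source installs consistent with the RPM.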
@ -122,6 +122,9 @@ module Libvirtd_qemu =
|
||||
let nbd_entry = bool_entry "nbd_tls"
|
||||
| str_entry "nbd_tls_x509_cert_dir"
|
||||
|
||||
let swtpm_user_entry = str_entry "swtpm_user"
|
||||
let swtpm_group_entry = str_entry "swtpm_group"
|
||||
|
||||
(* Each entry in the config is one of the following ... *)
|
||||
let entry = default_tls_entry
|
||||
| vnc_entry
|
||||
@ -142,6 +145,8 @@ module Libvirtd_qemu =
|
||||
| memory_entry
|
||||
| vxhs_entry
|
||||
| nbd_entry
|
||||
| swtpm_user_entry
|
||||
| swtpm_group_entry
|
||||
|
||||
let comment = [ label "#comment" . del /#[ \t]*/ "# " . store /([^ \t\n][^\n]*)?/ . del /\n/ "\n" ]
|
||||
let empty = [ label "#empty" . eol ]
|
||||
|
@ -817,3 +817,11 @@
|
||||
# Path to the SCSI persistent reservations helper. This helper is
|
||||
# used whenever <reservations/> are enabled for SCSI LUN devices.
|
||||
#pr_helper = "/usr/bin/qemu-pr-helper"
|
||||
|
||||
# User for the swtpm TPM Emulator
|
||||
#
|
||||
# Default is 'tss'; this is the same user that tcsd (TrouSerS) installs
|
||||
# and uses; alternative is 'root'
|
||||
#
|
||||
#swtpm_user = "tss"
|
||||
#swtpm_group = "tss"
|
||||
|
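Review bot: The new comment block is headed "User for the swtpm TPM Emulator" but documents two settings and leaves out the behaviour an administrator most needs to know: in the privileged branch of virQEMUDriverConfigNew in this same commit, a failed lookup of 'tss' makes the emulator run as root. I would retitle it "User and group for the swtpm TPM Emulator" and add a line such as `# If the 'tss' user or group does not exist, libvirt falls back to 'root'.` so that the effective identity is not a surprise on hosts without TrouSerS installed.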
@ -159,6 +159,10 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
|
||||
"%s/log/libvirt/qemu", LOCALSTATEDIR) < 0)
|
||||
goto error;
|
||||
|
||||
if (virAsprintf(&cfg->swtpmLogDir,
|
||||
"%s/log/swtpm/libvirt/qemu", LOCALSTATEDIR) < 0)
|
||||
goto error;
|
||||
|
||||
if (VIR_STRDUP(cfg->configBaseDir, SYSCONFDIR "/libvirt") < 0)
|
||||
goto error;
|
||||
|
||||
@ -166,6 +170,10 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
|
||||
"%s/run/libvirt/qemu", LOCALSTATEDIR) < 0)
|
||||
goto error;
|
||||
|
||||
if (virAsprintf(&cfg->swtpmStateDir,
|
||||
"%s/run/libvirt/qemu/swtpm", LOCALSTATEDIR) < 0)
|
||||
goto error;
|
||||
|
||||
if (virAsprintf(&cfg->cacheDir,
|
||||
"%s/cache/libvirt/qemu", LOCALSTATEDIR) < 0)
|
||||
goto error;
|
||||
@ -186,6 +194,13 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
|
||||
goto error;
|
||||
if (virAsprintf(&cfg->memoryBackingDir, "%s/ram", cfg->libDir) < 0)
|
||||
goto error;
|
||||
if (virAsprintf(&cfg->swtpmStorageDir, "%s/lib/libvirt/swtpm",
|
||||
LOCALSTATEDIR) < 0)
|
||||
goto error;
|
||||
if (virGetUserID("tss", &cfg->swtpm_user) < 0)
|
||||
cfg->swtpm_user = 0; /* fall back to root */
|
||||
if (virGetGroupID("tss", &cfg->swtpm_group) < 0)
|
||||
cfg->swtpm_group = 0; /* fall back to root */
|
||||
} else {
|
||||
char *rundir;
|
||||
char *cachedir;
|
||||
@ -199,6 +214,11 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
|
||||
VIR_FREE(cachedir);
|
||||
goto error;
|
||||
}
|
||||
if (virAsprintf(&cfg->swtpmLogDir,
|
||||
"%s/qemu/log", cachedir) < 0) {
|
||||
VIR_FREE(cachedir);
|
||||
goto error;
|
||||
}
|
||||
if (virAsprintf(&cfg->cacheDir, "%s/qemu/cache", cachedir) < 0) {
|
||||
VIR_FREE(cachedir);
|
||||
goto error;
|
||||
@ -214,6 +234,9 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
|
||||
}
|
||||
VIR_FREE(rundir);
|
||||
|
||||
if (virAsprintf(&cfg->swtpmStateDir, "%s/swtpm", cfg->stateDir) < 0)
|
||||
goto error;
|
||||
|
||||
if (!(cfg->configBaseDir = virGetUserConfigDirectory()))
|
||||
goto error;
|
||||
|
||||
@ -233,6 +256,10 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
|
||||
goto error;
|
||||
if (virAsprintf(&cfg->memoryBackingDir, "%s/qemu/ram", cfg->configBaseDir) < 0)
|
||||
goto error;
|
||||
if (virAsprintf(&cfg->swtpmStorageDir, "%s/qemu/swtpm", cfg->configBaseDir) < 0)
|
||||
goto error;
|
||||
cfg->swtpm_user = (uid_t)-1;
|
||||
cfg->swtpm_group = (gid_t)-1;
|
||||
}
|
||||
|
||||
if (virAsprintf(&cfg->configDir, "%s/qemu", cfg->configBaseDir) < 0)
|
||||
@ -352,7 +379,9 @@ static void virQEMUDriverConfigDispose(void *obj)
|
||||
VIR_FREE(cfg->configDir);
|
||||
VIR_FREE(cfg->autostartDir);
|
||||
VIR_FREE(cfg->logDir);
|
||||
VIR_FREE(cfg->swtpmLogDir);
|
||||
VIR_FREE(cfg->stateDir);
|
||||
VIR_FREE(cfg->swtpmStateDir);
|
||||
|
||||
VIR_FREE(cfg->libDir);
|
||||
VIR_FREE(cfg->cacheDir);
|
||||
@ -403,6 +432,7 @@ static void virQEMUDriverConfigDispose(void *obj)
|
||||
virFirmwareFreeList(cfg->firmwares, cfg->nfirmwares);
|
||||
|
||||
VIR_FREE(cfg->memoryBackingDir);
|
||||
VIR_FREE(cfg->swtpmStorageDir);
|
||||
}
|
||||
|
||||
|
||||
@ -475,6 +505,7 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
|
||||
size_t i, j;
|
||||
char *stdioHandler = NULL;
|
||||
char *user = NULL, *group = NULL;
|
||||
char *swtpm_user = NULL, *swtpm_group = NULL;
|
||||
char **controllers = NULL;
|
||||
char **hugetlbfs = NULL;
|
||||
char **nvram = NULL;
|
||||
@ -918,6 +949,16 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
|
||||
if (virConfGetValueString(conf, "memory_backing_dir", &cfg->memoryBackingDir) < 0)
|
||||
goto cleanup;
|
||||
|
||||
if (virConfGetValueString(conf, "swtpm_user", &swtpm_user) < 0)
|
||||
goto cleanup;
|
||||
if (swtpm_user && virGetUserID(swtpm_user, &cfg->swtpm_user) < 0)
|
||||
goto cleanup;
|
||||
|
||||
if (virConfGetValueString(conf, "swtpm_group", &swtpm_group) < 0)
|
||||
goto cleanup;
|
||||
if (swtpm_group && virGetGroupID(swtpm_group, &cfg->swtpm_group) < 0)
|
||||
goto cleanup;
|
||||
|
||||
ret = 0;
|
||||
|
||||
cleanup:
|
||||
@ -928,6 +969,8 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
|
||||
VIR_FREE(corestr);
|
||||
VIR_FREE(user);
|
||||
VIR_FREE(group);
|
||||
VIR_FREE(swtpm_user);
|
||||
VIR_FREE(swtpm_group);
|
||||
virConfFree(conf);
|
||||
return ret;
|
||||
}
|
||||
|
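Review bot: In the privileged branch of virQEMUDriverConfigNew the user and group lookups for "tss" fall back to 0 independently and without any log message, so a host that has the 'tss' user but not the group (or the reverse) ends up launching swtpm with a mixed identity such as tss:root, and a host with neither runs the emulator as root without the administrator being told. I would treat the pair as one decision and emit a warning when the fallback is taken; if virGetUserID/virGetGroupID leave an error set on failure, it should also be cleared so it does not leak into a later, unrelated failure path. The sketch below assumes the file already has logging set up for VIR_WARN. The function starts and continues outside these hunks.

```c
/* … unchanged: swtpmStorageDir setup … */
if (virGetUserID("tss", &cfg->swtpm_user) < 0 ||
    virGetGroupID("tss", &cfg->swtpm_group) < 0) {
    /* No usable 'tss' account: use root:root rather than a mixed
     * identity, and make the fallback visible in the log. */
    VIR_WARN("'tss' user or group not found; swtpm will run as root");
    virResetLastError();
    cfg->swtpm_user = 0;
    cfg->swtpm_group = 0;
}
```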
@ -102,7 +102,9 @@ struct _virQEMUDriverConfig {
|
||||
char *configDir;
|
||||
char *autostartDir;
|
||||
char *logDir;
|
||||
char *swtpmLogDir;
|
||||
char *stateDir;
|
||||
char *swtpmStateDir;
|
||||
/* These two directories are ones QEMU processes use (so must match
|
||||
* the QEMU user/group */
|
||||
char *libDir;
|
||||
@ -111,6 +113,7 @@ struct _virQEMUDriverConfig {
|
||||
char *snapshotDir;
|
||||
char *channelTargetDir;
|
||||
char *nvramDir;
|
||||
char *swtpmStorageDir;
|
||||
|
||||
char *defaultTLSx509certdir;
|
||||
bool checkdefaultTLSx509certdir;
|
||||
@ -210,6 +213,9 @@ struct _virQEMUDriverConfig {
|
||||
|
||||
bool nbdTLS;
|
||||
char *nbdTLSx509certdir;
|
||||
|
||||
uid_t swtpm_user;
|
||||
gid_t swtpm_group;
|
||||
};
|
||||
|
||||
/* Main driver state */
|
||||
|
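Review bot: The new `swtpm_user` / `swtpm_group` members carry two sentinel values that are set in qemu_conf.c but not documented here: 0 after a failed 'tss' lookup in privileged mode, and `(uid_t)-1` / `(gid_t)-1` in session mode. A comment above them, for example `/* Identity for the swtpm emulator; (uid_t)-1 / (gid_t)-1 in session mode, 0 if 'tss' is missing */`, would tell consumers that they must handle -1 before using the value for a chown or setuid-style call; what -1 means to those consumers is not visible in this commit, so the wording should be confirmed. The snake_case names also differ from the camelCase `swtpmLogDir`, `swtpmStateDir` and `swtpmStorageDir` added in the same struct, which continues outside these hunks.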
@ -103,3 +103,5 @@ module Test_libvirtd_qemu =
|
||||
}
|
||||
{ "memory_backing_dir" = "/var/lib/libvirt/qemu/ram" }
|
||||
{ "pr_helper" = "/usr/bin/qemu-pr-helper" }
|
||||
{ "swtpm_user" = "tss" }
|
||||
{ "swtpm_group" = "tss" }
|
||||
|