mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-14 01:59:14 +00:00
3f1a707042
Add the external swtpm to the emulator cgroup so that upper limits of CPU usage can be enforced on the emulated TPM. To enable this we need to have the swtpm write its process id (pid) into a file. We then read it from the file to configure the emulator cgroup. The PID file is created in /var/run/libvirt/qemu/swtpm: [root@localhost swtpm]# ls -lZ /var/run/libvirt/qemu/swtpm/ total 4 -rw-r--r--. 1 tss tss system_u:object_r:qemu_var_run_t:s0 5 Apr 10 12:26 1-testvm-swtpm.pid srw-rw----. 1 qemu qemu system_u:object_r:svirt_image_t:s0:c597,c632 0 Apr 10 12:26 1-testvm-swtpm.sock The swtpm command line now looks as follows: root@localhost testvm]# ps auxZ | grep swtpm | grep socket | grep -v grep system_u:system_r:virtd_t:s0:c597,c632 tss 18697 0.0 0.0 28172 3892 ? Ss 16:46 0:00 /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/var/run/libvirt/qemu/swtpm/1-testvm-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/485d0004-a48f-436a-8457-8a3b73e28568/tpm1.2/ --log file=/var/log/swtpm/libvirt/qemu/testvm-swtpm.log --pid file=/var/run/libvirt/qemu/swtpm/1-testvm-swtpm.pid Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: John Ferlan <jferlan@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
89 lines
3.6 KiB
C
89 lines
3.6 KiB
C
/*
|
|
* qemu_cgroup.h: QEMU cgroup management
|
|
*
|
|
* Copyright (C) 2006-2007, 2009-2014 Red Hat, Inc.
|
|
* Copyright (C) 2006 Daniel P. Berrange
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library. If not, see
|
|
* <http://www.gnu.org/licenses/>.
|
|
*
|
|
* Author: Daniel P. Berrange <berrange@redhat.com>
|
|
*/
|
|
|
|
#ifndef __QEMU_CGROUP_H__
|
|
# define __QEMU_CGROUP_H__
|
|
|
|
# include "virusb.h"
|
|
# include "vircgroup.h"
|
|
# include "domain_conf.h"
|
|
# include "qemu_conf.h"
|
|
|
|
int qemuSetupImageCgroup(virDomainObjPtr vm,
|
|
virStorageSourcePtr src);
|
|
int qemuTeardownImageCgroup(virDomainObjPtr vm,
|
|
virStorageSourcePtr src);
|
|
int qemuSetupDiskCgroup(virDomainObjPtr vm,
|
|
virDomainDiskDefPtr disk);
|
|
int qemuTeardownDiskCgroup(virDomainObjPtr vm,
|
|
virDomainDiskDefPtr disk);
|
|
int qemuSetupInputCgroup(virDomainObjPtr vm,
|
|
virDomainInputDefPtr dev);
|
|
int qemuTeardownInputCgroup(virDomainObjPtr vm,
|
|
virDomainInputDefPtr dev);
|
|
int qemuSetupHostdevCgroup(virDomainObjPtr vm,
|
|
virDomainHostdevDefPtr dev)
|
|
ATTRIBUTE_RETURN_CHECK;
|
|
int qemuTeardownHostdevCgroup(virDomainObjPtr vm,
|
|
virDomainHostdevDefPtr dev)
|
|
ATTRIBUTE_RETURN_CHECK;
|
|
int qemuSetupMemoryDevicesCgroup(virDomainObjPtr vm,
|
|
virDomainMemoryDefPtr mem);
|
|
int qemuTeardownMemoryDevicesCgroup(virDomainObjPtr vm,
|
|
virDomainMemoryDefPtr mem);
|
|
int qemuSetupRNGCgroup(virDomainObjPtr vm,
|
|
virDomainRNGDefPtr rng);
|
|
int qemuTeardownRNGCgroup(virDomainObjPtr vm,
|
|
virDomainRNGDefPtr rng);
|
|
int qemuSetupChardevCgroup(virDomainObjPtr vm,
|
|
virDomainChrDefPtr dev);
|
|
int qemuTeardownChardevCgroup(virDomainObjPtr vm,
|
|
virDomainChrDefPtr dev);
|
|
int qemuConnectCgroup(virDomainObjPtr vm);
|
|
int qemuSetupCgroup(virDomainObjPtr vm,
|
|
size_t nnicindexes,
|
|
int *nicindexes);
|
|
int qemuSetupCpusetMems(virDomainObjPtr vm);
|
|
int qemuSetupCgroupVcpuBW(virCgroupPtr cgroup,
|
|
unsigned long long period,
|
|
long long quota);
|
|
int qemuSetupCgroupCpusetCpus(virCgroupPtr cgroup, virBitmapPtr cpumask);
|
|
int qemuSetupGlobalCpuCgroup(virDomainObjPtr vm);
|
|
int qemuSetupCgroupForExtDevices(virDomainObjPtr vm,
|
|
virQEMUDriverPtr driver);
|
|
int qemuRemoveCgroup(virDomainObjPtr vm);
|
|
|
|
typedef struct _qemuCgroupEmulatorAllNodesData qemuCgroupEmulatorAllNodesData;
|
|
typedef qemuCgroupEmulatorAllNodesData *qemuCgroupEmulatorAllNodesDataPtr;
|
|
struct _qemuCgroupEmulatorAllNodesData {
|
|
virCgroupPtr emulatorCgroup;
|
|
char *emulatorMemMask;
|
|
};
|
|
|
|
int qemuCgroupEmulatorAllNodesAllow(virCgroupPtr cgroup,
|
|
qemuCgroupEmulatorAllNodesDataPtr *data);
|
|
void qemuCgroupEmulatorAllNodesRestore(qemuCgroupEmulatorAllNodesDataPtr data);
|
|
|
|
extern const char *const defaultDeviceACL[];
|
|
#endif /* __QEMU_CGROUP_H__ */
|