[libvirt] [PATCH 3/4] conf: introduce sev element in domain

Erik Skultety eskultet at redhat.com
Wed Feb 28 10:18:26 UTC 2018


> Any kind of launch validation is ultimately security related in some
> manner.
>
> > By having the separate <sev> element you can make the sub-elements depend on
> > this parent element, since you can't expect other vendors to favour <cbitpos>
> > which add burden to the documentation to make it clear. Of course, the price
> > you pay for this is a more complex XML structure.
> > <launch>
> >     <security>
> >         <sev>
> >             <sev_specific_elements/>
> >         </sev>
> >     </security>
>
> This is not the way we usually do things - we wuld have a type="sev|..."
> which determines what child elements are permitted, as illustrated in
> the example above.

Oh, right. Also, having <sev> element wouldn't make it clear that you can only
have one type active, either 'sev' or some other solution.

Erik




More information about the libvir-list mailing list