[libvirt] [PATCH 06/12] qemu: Extend QEMU with external TPM support

Ján Tomko jtomko at redhat.com
Thu May 24 06:39:28 UTC 2018 

On Wed, May 23, 2018 at 01:59:33PM -0400, Stefan Berger wrote:
>On 05/23/2018 11:41 AM, Ján Tomko wrote:
>> On Tue, May 22, 2018 at 04:44:47PM -0400, Stefan Berger wrote:
>>> + * @swtpm_user: The uid that needs to be able to access the directory
>>> + * @swtpm_group: The gid that needs to be able to access the directory
>>> + *
>>> + * Unless the storage path for the swtpm for the given VM
>>> + * already exists, create it and make it accessible for the given
>>> userid.
>>> + * Adapt ownership of the directory and all swtpm's state files there.
>>> + */
>>
>> [...]
>>
>>> +static int
>>> +qemuTPMEmulatorPrepareHost(virDomainTPMDefPtr tpm,
>>> +                           const char *logDir,
>>> +                           const char *vmname,
>>> +                           uid_t swtpm_user,
>>> +                           gid_t swtpm_group,
>>> +                           const char *swtpmStateDir,
>>> +                           uid_t qemu_user,
>>> +                           const char *shortName)
>>> +{
>>> +    int ret = -1;
>>> +
>>> +    if (qemuTPMEmulatorInit() < 0)
>>> +        return -1;
>>> +
>>> +    /* create log dir ... allow 'tss' user to cd into it */
>>> +    if (virFileMakePathWithMode(logDir, 0711) < 0)
>>> +        return -1;
>>> +
>>> +    /* ... and adjust ownership */
>>> +    if (virDirCreate(logDir, 0730, swtpm_user, swtpm_group,
>>> +                     VIR_DIR_CREATE_ALLOW_EXIST) < 0)
>>> +        goto cleanup;
>>> +
>>> +    /* create logfile name ... */
>>> +    if (!tpm->data.emulator.logfile &&
>>> +        virAsprintf(&tpm->data.emulator.logfile, "%s/%s-swtpm.log",
>>> +                    logDir, vmname) < 0)
>>
>> This should also use shortName.
>
>
>The shortName has the ID of the domain in the name. So for short-lived
>logs I would say yes. Though this should be a log like the one for the
>VM that gets appended to every time the VM restarts. I'd rather not
>change this.
>

My concern was the file name length, but even for qemu.logs we use
vm->def->name directly. So this should probably be okay.

Jano
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20180524/a8b88583/attachment-0001.sig>

More information about the libvir-list mailing list