[libvirt] [PATCH 8/8] qemu: error out when vnc vncTLSx509secretUUID is unsupported

John Ferlan jferlan at redhat.com
Thu Jan 17 16:27:06 UTC 2019



On 1/16/19 2:41 AM, Ján Tomko wrote:
> Add a capability check to qemuDomainDefValidate.
> 
> Signed-off-by: Ján Tomko <jtomko at redhat.com>
> ---
>  src/qemu/qemu_domain.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)
> 

If it were to be added, this should be merged w/ previous.

I think it's pointless due to the check in qemuBuildTLSx509BackendProps
which eventually gets called during qemuBuildGraphicsVNCCommandLine by
qemuBuildTLSx509CommandLine.

All this does is be more specific to VNC...  Could have similar checks
with/for Chardev, StorageSource, and Migration to be more specific for
each and then remove the check in qemuBuildTLSx509BackendProps if the
"issue" was that the message there is too generic.

But I think the better change is to qemuBuildTLSx509BackendProps in
order to print the @tlspath or the @tlsalias in the error message in
order to indicate which one failed, e.g. "tls-creds-x509 for %s not
supported by this QEMU binary".

John

> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
> index da9c4e566d..851cb6d622 100644
> --- a/src/qemu/qemu_domain.c
> +++ b/src/qemu/qemu_domain.c
> @@ -4127,6 +4127,7 @@ qemuDomainDefValidate(const virDomainDef *def,
>                        void *opaque)
>  {
>      virQEMUDriverPtr driver = opaque;
> +    virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
>      virQEMUCapsPtr qemuCaps = NULL;
>      int ret = -1;
>  
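Review bot: The config reference is taken unconditionally in the declaration of cfg at the top of qemuDomainDefValidate, but it is only used by the single check added near the end of the function. Every exit between this line and the cleanup label now has to go through cleanup for the reference to be dropped, and the body between the two hunks is not visible here, so any direct return in that range would leak cfg. Please confirm that all early exits use goto cleanup, or take the reference right before the check that needs it.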
> @@ -4249,10 +4250,19 @@ qemuDomainDefValidate(const virDomainDef *def,
>      if (qemuDomainDefValidateMemory(def, qemuCaps) < 0)
>          goto cleanup;
>  
> +    if (cfg->vncTLS && cfg->vncTLSx509secretUUID &&
> +        !virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) {
> +        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> +                       _("encrypted VNC TLS keys are not supported with "
> +                         "this QEMU binary"));
> +        goto cleanup;
> +    }
> +
>      ret = 0;
>  
>   cleanup:
>      virObjectUnref(qemuCaps);
> +    virObjectUnref(cfg);
>      return ret;
>  }
>  
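Review bot: The new condition in qemuDomainDefValidate tests only the driver configuration (cfg->vncTLS and cfg->vncTLSx509secretUUID) and the capability bit, and never looks at def. As written, a domain with no VNC graphics device at all fails validation whenever the host configuration sets both values and the binary lacks QEMU_CAPS_OBJECT_TLS_CREDS_X509. The check should apply only when def actually contains a VNC graphics device. The error text would also be easier to act on if it named the vncTLSx509secretUUID setting, since "encrypted VNC TLS keys" does not tell the administrator which qemu.conf entry to change. The virObjectUnref(cfg) under cleanup correctly pairs with the reference taken in the first hunk.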
> 



