[libvirt] [PATCH 3/3] qemu: domain: Add /dev/sev into the domain mount namespace selectively
Michal Privoznik
mprivozn at redhat.com
Tue Jan 29 12:26:46 UTC 2019
On 1/23/19 1:57 PM, Erik Skultety wrote:
> Instead of exposing /dev/sev to every domain, do it selectively.
>
> Signed-off-by: Erik Skultety <eskultet at redhat.com>
> ---
> src/qemu/qemu_domain.c | 23 +++++++++++++++++++++++
> 1 file changed, 23 insertions(+)
>
> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
> index 32a43f2064..a4cdb8d355 100644
> --- a/src/qemu/qemu_domain.c
> +++ b/src/qemu/qemu_domain.c
> @@ -12112,6 +12112,26 @@ qemuDomainSetupLoader(virQEMUDriverConfigPtr cfg ATTRIBUTE_UNUSED,
> }
>
>
> +static int
> +qemuDomainSetupLaunchSecurity(virQEMUDriverConfigPtr cfg ATTRIBUTE_UNUSED,
> + virDomainObjPtr vm,
> + const struct qemuDomainCreateDeviceData *data)
> +{
> + virDomainSEVDefPtr sev = vm->def->sev;
> +
> + if (!sev || sev->sectype != VIR_DOMAIN_LAUNCH_SECURITY_SEV)
> + return 0;
> +
> + VIR_DEBUG("Setting up launch security");
> +
> + if (qemuDomainCreateDevice("/dev/sev", data, false) < 0)
nitpick - I'd rather see this as a macro:
#define SEV_PATH "/dev/sev"
...
qemuDomainCreateDevice(SEV_PATH, ..)
> + return -1;
> +
> + VIR_DEBUG("Set up launch security");
> + return 0;
> +}
> +
> +
ACK
Michal
More information about the libvir-list
mailing list