[libvirt] [PATCH v3 0/5] file descriptor passing using pass-fd
by Corey Bryant
libvirt's sVirt security driver provides SELinux MAC isolation for
Qemu guest processes and their corresponding image files. In other
words, sVirt uses SELinux to prevent a QEMU process from opening
files that do not belong to it.
sVirt provides this support by labeling guests and resources with
security labels that are stored in file system extended attributes.
Some file systems, such as NFS, do not support the extended
attribute security namespace, and therefore cannot support sVirt
isolation.
A solution to this problem is to provide fd passing support, where
libvirt opens files and passes file descriptors to QEMU. This,
along with SELinux policy to prevent QEMU from opening files, can
provide image file isolation for NFS files stored on the same NFS
mount.
This patch series adds the pass-fd QMP monitor command, which allows
an fd to be passed via SCM_RIGHTS, and returns the received file
descriptor. Support is also added to the block layer to allow QEMU
to dup the fd when the filename is of the /dev/fd/X format. This
is useful if MAC policy prevents QEMU from opening specific types
of files.
One nice thing about this approach is that no new SELinux policy is
required to prevent open of NFS files (files with type nfs_t). The
virt_use_nfs boolean type simply needs to be set to false, and open
will be prevented (and dup will be allowed). For example:
# setsebool virt_use_nfs 0
# getsebool virt_use_nfs
virt_use_nfs --> off
Corey Bryant (5):
qapi: Convert getfd and closefd
qapi: Add pass-fd QMP command
osdep: Enable qemu_open to dup pre-opened fd
block: Convert open calls to qemu_open
block: Prevent /dev/fd/X filename from being detected as floppy
block/raw-posix.c | 22 ++++++++++---------
block/raw-win32.c | 4 ++--
block/vdi.c | 5 +++--
block/vmdk.c | 21 ++++++++----------
block/vpc.c | 2 +-
block/vvfat.c | 21 +++++++++---------
hmp-commands.hx | 6 ++----
hmp.c | 18 ++++++++++++++++
hmp.h | 2 ++
monitor.c | 61 +++++++++++++++++++++++++++++++++++++++--------------
osdep.c | 13 ++++++++++++
qapi-schema.json | 54 +++++++++++++++++++++++++++++++++++++++++++++++
qmp-commands.hx | 48 +++++++++++++++++++++++++++++++++++++----
13 files changed, 216 insertions(+), 61 deletions(-)
--
1.7.10.2
12 years, 6 months
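The flow this cover letter describes, as an added example (not code from the patch series, QEMU or libvirt): a management process sends an open descriptor over a Unix socket with SCM_RIGHTS, and the receiver's open wrapper dups it when given a /dev/fd/N name. It is written in Python for brevity; send_fd, recv_fd, open_or_dup and demo are hypothetical names, the pipe is a constructed stand-in for an image file, and the access-mode check is an addition of this example.

```python
import array
import errno
import fcntl
import os
import re
import socket

FD_BYTES = array.array("i").itemsize


def send_fd(sock, fd):
    """Management side: pass an already-open descriptor via SCM_RIGHTS."""
    payload = array.array("i", [fd]).tobytes()
    sock.sendmsg([b"\0"], [(socket.SOL_SOCKET, socket.SCM_RIGHTS, payload)])


def recv_fd(sock):
    """Receiving side: accept exactly one descriptor, reject anything else."""
    data, anc, flags, _ = sock.recvmsg(1, socket.CMSG_SPACE(FD_BYTES))
    fds = array.array("i")
    for level, kind, payload in anc:
        if level == socket.SOL_SOCKET and kind == socket.SCM_RIGHTS:
            fds.frombytes(payload[:len(payload) - len(payload) % FD_BYTES])
    if len(data) != 1 or flags & socket.MSG_CTRUNC or len(fds) != 1:
        for fd in fds:
            os.close(fd)  # never keep descriptors from a malformed message
        raise OSError(errno.EPROTO, "expected exactly one passed descriptor")
    return fds[0]


def open_or_dup(name, flags):
    """Open wrapper: '/dev/fd/N' dups descriptor N, other names use open().

    A dup shares the open file description, so the access mode was fixed by
    whoever opened the file; refusing a wider request is this example's check.
    """
    if not name.startswith("/dev/fd/"):
        return os.open(name, flags)
    m = re.fullmatch(r"/dev/fd/([0-9]{1,9})", name)
    if m is None:
        raise OSError(errno.EINVAL, "malformed /dev/fd name", name)
    fd = int(m.group(1))
    have = fcntl.fcntl(fd, fcntl.F_GETFL) & os.O_ACCMODE
    if have != os.O_RDWR and have != (flags & os.O_ACCMODE):
        raise OSError(errno.EACCES, "descriptor lacks requested access", name)
    return os.dup(fd)


def demo():
    """Round trip; the pipe is a constructed stand-in for an image file."""
    mgmt, emu = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    r, w = os.pipe()
    with mgmt, emu:
        os.write(w, b"image")
        os.close(w)
        send_fd(mgmt, r)
        os.close(r)  # the sender keeps no copy once the fd is in flight
        got = recv_fd(emu)
    fd = open_or_dup("/dev/fd/%d" % got, os.O_RDONLY)
    os.close(got)
    try:
        return os.read(fd, 5)
    finally:
        os.close(fd)


if __name__ == "__main__":
    print(demo())
```

The receiver never sees a path, so a MAC policy that denies open on the file type still lets it read through the passed descriptor.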
[libvirt] [PATCH] Add support for RAM filesystems for LXC
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Introduce a new syntax for filesystems to allow use of a RAM
filesystem
<filesystem type='ram'>
<source usage='1024'/>
<target dir='/mnt'/>
</filesystem>
The usage is in KB to limit consumption of host memory.
* docs/formatdomain.html.in: Document new syntax
* docs/schemas/domaincommon.rng: Add new attributes
* src/conf/domain_conf.c: Parsing/formatting of RAM filesystems
* src/lxc/lxc_container.c: Mounting of RAM filesystems
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
docs/formatdomain.html.in | 9 +++++++-
docs/schemas/domaincommon.rng | 13 +++++++++++
src/conf/domain_conf.c | 43 ++++++++++++++++++++----------------
src/lxc/lxc_container.c | 49 +++++++++++++++++++++++++++++++++++++++++
4 files changed, 94 insertions(+), 20 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index e1fe0c4..9d1e02b 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1617,6 +1617,12 @@
format will be autodetected. Only used by LXC driver
<span class="since">(since 0.9.5)</span>.
</dd>
+ <dt><code>type='ram'</code></dt>
+ <dd>
+ An in-memory filesystem, using memory from the host OS.
+ The source element has a single attribute <code>usage</code>
+ which gives the memory usage limit in kilobytes.
+ <span class="since"> (since 0.9.13)</span></dd>
</dl>
The filesystem block has an optional attribute <code>accessmode</code>
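Review bot: the new type='ram' entry does not say which driver honours it, while the entry just above it ends with "Only used by LXC driver"; the only mounting code in this patch is in src/lxc/lxc_container.c, so add the same sentence here. The since span also has a leading space inside it ("> (since 0.9.13)") and the closing </dd> shares its line, unlike the neighbouring entry.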
@@ -1656,7 +1662,8 @@
The resource on the host that is being accessed in the guest. The
<code>name</code> attribute must be used with
<code>type='template'</code>, and the <code>dir</code> attribute must
- be used with <code>type='mount'</code>
+ be used with <code>type='mount'</code>. The <code>usage</code> attribute
+ is used with <code>type='ram'</code> to set the memory limit in KB.
</dd>
<dt><code>target</code></dt>
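Review bot: "KB" in the added sentence is ambiguous, and the first hunk says "kilobytes"; lxcContainerMountFSTmpfs passes the value to tmpfs as size=%lldk, which tmpfs reads as multiples of 1024 bytes. Say KiB (or "units of 1024 bytes") in both places so the documented limit matches what is mounted.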
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 8419ccc..884680a 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -1271,6 +1271,19 @@
</element>
</interleave>
</group>
+ <group>
+ <attribute name="type">
+ <value>ram</value>
+ </attribute>
+ <interleave>
+ <element name="source">
+ <attribute name="usage">
+ <ref name="unsignedLong"/>
+ </attribute>
+ <empty/>
+ </element>
+ </interleave>
+ </group>
</choice>
<interleave>
<element name="target">
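Review bot: this group makes the source element with its usage attribute mandatory for type='ram', but the domain_conf.c change lets virDomainFSDefParseXML accept a ram filesystem with no source element at all, so schema and parser disagree about what is valid. Either keep the parser strict (reject a ram filesystem without usage) or wrap the element in <optional> and document the default.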
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index c82971a..5d692d6 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -4177,7 +4177,8 @@ virDomainFSDefParseXML(xmlNodePtr node,
def->wrpolicy = VIR_DOMAIN_FS_WRPOLICY_DEFAULT;
}
- if (source == NULL) {
+ if (source == NULL &&
+ def->type != VIR_DOMAIN_FS_TYPE_RAM) {
virDomainReportError(VIR_ERR_NO_SOURCE,
target ? "%s" : NULL, target);
goto error;
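Review bot: relaxing the source == NULL check for VIR_DOMAIN_FS_TYPE_RAM is the only parsing change in the patch; no hunk reads the usage attribute into def->usage, and the diffstat lists no header change that would add the usage field or the VIR_DOMAIN_FS_TYPE_RAM enum value and its "ram" string. As posted, usage is never set from the XML, and if it is left at 0 the mount code builds size=0k, which tmpfs treats as no limit. Please add the parsing (rejecting a missing or zero usage) together with the header and enum changes.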
@@ -11086,27 +11087,31 @@ virDomainFSDefFormat(virBufferPtr buf,
virBufferAddLit(buf, "/>\n");
}
- if (def->src) {
- switch (def->type) {
- case VIR_DOMAIN_FS_TYPE_MOUNT:
- virBufferEscapeString(buf, " <source dir='%s'/>\n",
- def->src);
- break;
+ switch (def->type) {
+ case VIR_DOMAIN_FS_TYPE_MOUNT:
+ virBufferEscapeString(buf, " <source dir='%s'/>\n",
+ def->src);
+ break;
- case VIR_DOMAIN_FS_TYPE_BLOCK:
- virBufferEscapeString(buf, " <source dev='%s'/>\n",
- def->src);
- break;
+ case VIR_DOMAIN_FS_TYPE_BLOCK:
+ virBufferEscapeString(buf, " <source dev='%s'/>\n",
+ def->src);
+ break;
- case VIR_DOMAIN_FS_TYPE_FILE:
- virBufferEscapeString(buf, " <source file='%s'/>\n",
- def->src);
- break;
+ case VIR_DOMAIN_FS_TYPE_FILE:
+ virBufferEscapeString(buf, " <source file='%s'/>\n",
+ def->src);
+ break;
- case VIR_DOMAIN_FS_TYPE_TEMPLATE:
- virBufferEscapeString(buf, " <source name='%s'/>\n",
- def->src);
- }
+ case VIR_DOMAIN_FS_TYPE_TEMPLATE:
+ virBufferEscapeString(buf, " <source name='%s'/>\n",
+ def->src);
+ break;
+
+ case VIR_DOMAIN_FS_TYPE_RAM:
+ virBufferAsprintf(buf, " <source usage='%lld'/>\n",
+ def->usage);
+ break;
}
virBufferEscapeString(buf, " <target dir='%s'/>\n",
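Review bot: the new VIR_DOMAIN_FS_TYPE_RAM case prints def->usage with %lld, a signed conversion, while the schema declares usage as unsignedLong; make the field unsigned long long and format it with %llu (and size=%lluk in lxc_container.c) so a large value cannot round-trip as a negative number. Dropping the if (def->src) guard also means the four existing cases now run with def->src possibly NULL; a line in the commit message confirming that virBufferEscapeString copes with that would help.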
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 0636eab..f35b8f9 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -338,6 +338,8 @@ static int lxcContainerPivotRoot(virDomainFSDefPtr root)
ret = -1;
+ VIR_DEBUG("Pivot via %s", root->src);
+
/* root->parent must be private, so make / private. */
if (mount("", "/", NULL, MS_PRIVATE|MS_REC, NULL) < 0) {
virReportSystemError(errno, "%s",
@@ -995,6 +997,47 @@ cleanup:
}
+static int lxcContainerMountFSTmpfs(virDomainFSDefPtr fs)
+{
+ int ret = -1;
+ char *data = NULL;
+
+ if (virAsprintf(&data, "size=%lldk", fs->usage) < 0) {
+ virReportOOMError();
+ goto cleanup;
+ }
+
+ if (virFileMakePath(fs->dst) < 0) {
+ virReportSystemError(errno,
+ _("Failed to create %s"),
+ fs->dst);
+ goto cleanup;
+ }
+
+ if (mount("tmpfs", fs->dst, "tmpfs", 0, data) < 0) {
+ virReportSystemError(errno,
+ _("Failed to mount directory %s as tmpfs"),
+ fs->dst);
+ goto cleanup;
+ }
+
+ if (fs->readonly) {
+ VIR_DEBUG("Binding %s readonly", fs->dst);
+ if (mount(fs->dst, fs->dst, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) {
+ virReportSystemError(errno,
+ _("Failed to make directory %s readonly"),
+ fs->dst);
+ }
+ }
+
+ ret = 0;
+
+cleanup:
+ VIR_FREE(data);
+ return ret;
+}
+
+
static int lxcContainerMountFS(virDomainFSDefPtr fs,
const char *srcprefix)
{
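Review bot: in the fs->readonly branch of lxcContainerMountFSTmpfs, a failed MS_BIND|MS_REMOUNT|MS_RDONLY mount reports the error but has no goto cleanup, so execution falls through to ret = 0 and the caller is told that a filesystem requested read-only was set up while it is still writable. Add goto cleanup after the virReportSystemError call there. A short comment on the function stating the unit of fs->usage would also help.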
@@ -1007,6 +1050,10 @@ static int lxcContainerMountFS(virDomainFSDefPtr fs,
if (lxcContainerMountFSBlock(fs, srcprefix) < 0)
return -1;
break;
+ case VIR_DOMAIN_FS_TYPE_RAM:
+ if (lxcContainerMountFSTmpfs(fs) < 0)
+ return -1;
+ break;
case VIR_DOMAIN_FS_TYPE_FILE:
lxcError(VIR_ERR_INTERNAL_ERROR,
_("Unexpected filesystem type %s"),
@@ -1196,6 +1243,8 @@ static int lxcContainerResolveSymlinks(virDomainDefPtr vmDef)
for (i = 0 ; i < vmDef->nfss ; i++) {
virDomainFSDefPtr fs = vmDef->fss[i];
+ if (!fs->src)
+ continue;
if (virFileResolveAllLinks(fs->src, &newroot) < 0)
return -1;
--
1.7.10.1
12 years, 6 months
[libvirt] [PATCHv3 00/12] Add api for atomic listing of domains
by Peter Krempa
This is the third respin of the series. I've incorporated suggestions from
Eric's review and cleaned up some nits that I found while polishing the series.
This respin also contains two new cleanup patches:
driver: Clean up driver header to space indentation
maint: include ignore-value in internal.h
Peter Krempa (12):
lib: Add public api to enable atomic listing of guest
virsh: add support for virConnectListAllDomains and clean up cmdList
python: add API exports for virConnectListAllDomains()
remote: implement remote protocol for virConnectListAllDomains()
conf: Store managed save image existence in virDomainObj
conf: Add helper for listing domains on drivers supporting
virDomainObj
drivers: Implement virListAllDomains for drivers using virDomainObj
vbox: Add support for virConnectListAllDomains()
hyperv: Add implementation for virConnectListAllDomains()
esx: Add implementation for virConnectListAllDomains()
driver: Clean up driver header to space indentation
maint: include ignore-value in internal.h
daemon/remote.c | 54 +++
include/libvirt/libvirt.h.in | 36 ++-
python/generator.py | 1 +
python/libvirt-override-api.xml | 12 +-
python/libvirt-override-virConnect.py | 12 +
python/libvirt-override.c | 50 +++-
src/Makefile.am | 8 +-
src/conf/domain_audit.c | 1 -
src/conf/domain_conf.c | 1 -
src/conf/domain_conf.h | 2 +
src/conf/virdomainlist.c | 181 ++++++++
src/conf/virdomainlist.h | 66 +++
src/driver.h | 729 +++++++++++++++++----------------
src/esx/esx_driver.c | 194 +++++++++
src/hyperv/hyperv_driver.c | 136 ++++++
src/internal.h | 1 +
src/libvirt.c | 124 ++++++-
src/libvirt_private.syms | 4 +
src/libvirt_public.syms | 1 +
src/libxl/libxl_driver.c | 61 +++-
src/lxc/lxc_driver.c | 19 +
src/network/bridge_driver.c | 1 -
src/node_device/node_device_hal.c | 1 -
src/openvz/openvz_conf.c | 1 -
src/openvz/openvz_driver.c | 19 +
src/qemu/qemu_domain.c | 1 -
src/qemu/qemu_driver.c | 67 +++-
src/qemu/qemu_monitor_json.c | 1 -
src/remote/remote_driver.c | 64 +++
src/remote/remote_protocol.x | 14 +-
src/remote_protocol-structs | 12 +
src/test/test_driver.c | 19 +
src/uml/uml_driver.c | 18 +
src/util/command.c | 1 -
src/util/event_poll.c | 1 -
src/util/logging.c | 1 -
src/util/memory.c | 1 -
src/util/threadpool.c | 1 -
src/util/virfile.h | 1 -
src/util/virnetdevbandwidth.c | 1 -
src/vbox/vbox_tmpl.c | 170 ++++++++
src/vmware/vmware_driver.c | 20 +
src/xenapi/xenapi_driver.c | 1 -
tests/shunloadtest.c | 1 -
tools/virsh.c | 555 +++++++++++++++++--------
tools/virsh.pod | 91 +++--
46 files changed, 2155 insertions(+), 601 deletions(-)
create mode 100644 src/conf/virdomainlist.c
create mode 100644 src/conf/virdomainlist.h
--
1.7.3.4
12 years, 6 months
[libvirt] [sandbox][PATCH] Add module directory prefix selection feature
by Radu Caragea
Add module directory prefix selection feature
This is useful when running as a non-privileged user if we want to
boot a custom compiled kernel: we might not have rights to install in
/lib/modules/<kernel release> so when compiling the kernel we can use
"make modules_install INSTALL_MOD_PATH=/path" which installs in
/path/lib/modules/<kernel release>. By setting with
gvir_sandbox_config_set_moddirprefix(cfg, "/path") we can now achieve
just that.
12 years, 6 months
[libvirt] [qpid PATCH] doc: fixed search form action
by Martin Kletzander
Search was giving 404 because of missing {$href_base} in "action"
property. Also one whitespace character got removed from end of the
line because of my before-save-hook.
---
Pushed under the 'trivial' rule.
doc/architecture.html | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/doc/architecture.html b/doc/architecture.html
index a564fa8..5b0f2bd 100644
--- a/doc/architecture.html
+++ b/doc/architecture.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /><link rel="stylesheet" type="text/css" href="http://libvirt.org/qpid/main.css" /><link rel="SHORTCUT ICON" href="/32favicon.png" /><title>Architecture</title><meta name="description" content="libvirt, virtualization, virtualization API, qpid" /></head><body><div id="header"><div id="headerLogo"></div><div id="headerSearch"><form action="search.php" enctype="application/x-www-form-urlencoded" method="get"><div><input id="query" name="query" type="text" size="12" value="" /><input id="submit" name="submit" type="submit" value="Search" /></div></form></div></div><div id="body"><div id="menu"><ul class="l0"><li><div><a href="index.html" class="inactive">Home</a></div></li><li><a href="http://libvirt.org/" class="inactive">libvirt</a></li><li><div><a href="releases.html" class="inactive">Releases</a></div></li><li><div><a href="architecture.html" class="inac!
tive">Architecture</a></div></li><li><a href="https://www.redhat.com/mailman/listinfo/libvir-list" class="inactive">Mailing list</a></li></ul></div><div id="content"><h1 class="style1">Architecture</h1><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /><link rel="stylesheet" type="text/css" href="http://libvirt.org/qpid/main.css" /><link rel="SHORTCUT ICON" href="/32favicon.png" /><title>Architecture</title><meta name="description" content="libvirt, virtualization, virtualization API, qpid" /></head><body><div id="header"><div id="headerLogo"></div><div id="headerSearch"><form action="{$href_base}search.php" enctype="application/x-www-form-urlencoded" method="get"><div><input id="query" name="query" type="text" size="12" value="" /><input id="submit" name="submit" type="submit" value="Search" /></div></form></div></div><div id="body"><div id="menu"><ul class="l0"><li><div><a href="index.html" class="inactive">Home</a></div></li><li><a href="http://libvirt.org/" class="inactive">libvirt</a></li><li><div><a href="releases.html" class="inactive">Releases</a></div></li><li><div><a href="architecture.html"!
class="inactive">Architecture</a></div></li><li><a href="https://www.redhat.com/mailman/listinfo/libvir-list" class="inactive">Mailing list</a></li></ul></div><div id="content"><h1 class="style1">Architecture</h1><p>
libvirt-qpid is an agent that runs on a given host. It will connect
to both the local libvirtd and to a qpid broker. It then queries
libvirtd every 5 seconds and maintains objects of various classes
that reflect the activity and configuration of libvirtd.
</p><p>
- The classes include the node (the host), domains, storage pools,
+ The classes include the node (the host), domains, storage pools,
and storage volumes. A complete synchronization takes place each
iteration so that any state changes that happen outside of the
channel provided by libvirt-qpid will be reflected in the objects
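Review bot: the action attribute now contains {$href_base} in doc/architecture.html itself, a file that already carries the full page chrome (header, search form, menu); that placeholder is only expanded if this file is run through the stylesheet, otherwise the browser submits to a URL containing the literal text. If architecture.html is generated output, the fix belongs in the template that produces the form, and the other generated pages need the same change. The whitespace-only change on the "The classes include" line would be easier to review as a separate commit.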
--
1.7.8.6
12 years, 6 months
[libvirt] [PATCH] conf: Format numatune XML correctly while placement is none
by Osier Yang
setNumaParameters tunes the numa setting using cgroup, it's another
entry except libnuma/numad for numa tuning. And it doesn't set the
placement, and furthermore, the formatting code doesn't take this
into consideration.
How to reproduce:
conn = libvirt.open(None)
dom = conn.lookupByName('linux')
param = {'numa_nodeset': '0', 'numa_mode': 1}
dom.setNumaParameters(param, 2)
% virsh start linux
error: Failed to start domain rhel6.3rc
error: (domain_definition):8: error parsing attribute name
<memory mode='preferred' </numatune>
-------------------------------^
---
By the way, I see problems of setNumaParameters too.
conn = libvirt.open(None)
dom = conn.lookupByName('linux')
param = {'numa_mode': 1}
dom.setNumaParameters(param, 2)
The numa 'mode' will be just ignored, and no 'numatune' XML is formatted,
as neither 'nodeset' nor 'placement' is specified. I'd think it's
right to ignore it when formatting, it's meaningless to only specify
the 'mode'. However, we might have to fix setNumaParameters to prevent
setting the numa mode without nodeset, and error out, as it's really a
bad user experience to see the API call succeeded, but the expected
XML doesn't show up in the end.
---
src/conf/domain_conf.c | 17 ++++++++++-------
1 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 81c6308..c44d89d 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -12795,23 +12795,26 @@ virDomainDefFormatInternal(virDomainDefPtr def,
const char *placement;
mode = virDomainNumatuneMemModeTypeToString(def->numatune.memory.mode);
- virBufferAsprintf(buf, " <memory mode='%s' ", mode);
+ virBufferAsprintf(buf, " <memory mode='%s'", mode);
- if (def->numatune.memory.placement_mode ==
- VIR_DOMAIN_NUMATUNE_MEM_PLACEMENT_MODE_STATIC) {
+ if (def->numatune.memory.nodemask) {
nodemask = virDomainCpuSetFormat(def->numatune.memory.nodemask,
- VIR_DOMAIN_CPUMASK_LEN);
+ VIR_DOMAIN_CPUMASK_LEN);
if (nodemask == NULL) {
virDomainReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("failed to format nodeset for "
"NUMA memory tuning"));
goto cleanup;
}
- virBufferAsprintf(buf, "nodeset='%s'/>\n", nodemask);
+ virBufferAsprintf(buf, " nodeset='%s'/>\n", nodemask);
VIR_FREE(nodemask);
- } else if (def->numatune.memory.placement_mode) {
+ } else if (def->numatune.memory.placement_mode ==
+ VIR_DOMAIN_NUMATUNE_MEM_PLACEMENT_MODE_AUTO) {
placement = virDomainNumatuneMemPlacementModeTypeToString(def->numatune.memory.placement_mode);
- virBufferAsprintf(buf, "placement='%s'/>\n", placement);
+ virBufferAsprintf(buf, " placement='%s'/>\n", placement);
+ } else {
+ /* Should not hit here. */
+ virBufferAddLit(buf, "/>\n");
}
virBufferAddLit(buf, " </numatune>\n");
}
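Review bot: the first branch now tests def->numatune.memory.nodemask alone, so a definition whose placement_mode is VIR_DOMAIN_NUMATUNE_MEM_PLACEMENT_MODE_AUTO but which also has a nodemask is written out with nodeset='...' and loses placement='auto'. If that combination can exist, test for AUTO first or emit both attributes. The comment "Should not hit here" on the new else branch should say which outer condition guarantees it, and the re-indented VIR_DOMAIN_CPUMASK_LEN line is an unrelated whitespace change.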
--
1.7.7.3
12 years, 6 months
[libvirt] [PATCH] openvz: Fix wordsize on 64 bit architectures
by Guido Günther
The word size there is 64 bit not 8.
---
Came across this while browsing the source. O.k. to apply?
-- Guido
src/openvz/openvz_conf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openvz/openvz_conf.c b/src/openvz/openvz_conf.c
index ad4ed74..007f9fe 100644
--- a/src/openvz/openvz_conf.c
+++ b/src/openvz/openvz_conf.c
@@ -195,7 +195,7 @@ virCapsPtr openvzCapsInit(void)
if ((guest = virCapabilitiesAddGuest(caps,
"exe",
utsname.machine,
- sizeof(int) == 4 ? 32 : 8,
+ sizeof(int) == 4 ? 32 : 64,
NULL,
NULL,
0,
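Review bot: the selector is still sizeof(int) == 4, and int is 4 bytes on the usual 64-bit Linux ABIs as well, so this expression yields 32 there and the corrected 64 is never chosen. Key the word size on sizeof(long) or sizeof(void *) multiplied by 8, or derive it from utsname.machine, which is already passed on the line above.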
--
1.7.10.4
12 years, 6 months
[libvirt] [PATCH 1/2] Fix default USB controller for ppc64
by Dipankar Sarma
From: Dipankar Sarma <dipankar(a)in.ibm.com>
Fix the default usb controller for pseries systems if none is
specified.
Signed-off-by: Dipankar Sarma <dipankar(a)in.ibm.com>
---
src/qemu/qemu_command.c | 13 +++++++++----
1 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index a34c707..bd4f96a 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -2605,7 +2605,8 @@ qemuControllerModelUSBToCaps(int model)
static int
-qemuBuildUSBControllerDevStr(virDomainControllerDefPtr def,
+qemuBuildUSBControllerDevStr(virDomainDefPtr domainDef,
+ virDomainControllerDefPtr def,
virBitmapPtr qemuCaps,
virBuffer *buf)
{
@@ -2614,8 +2615,12 @@ qemuBuildUSBControllerDevStr(virDomainControllerDefPtr def,
model = def->model;
- if (model == -1)
- model = VIR_DOMAIN_CONTROLLER_MODEL_USB_PIIX3_UHCI;
+ if (model == -1) {
+ if (STREQ(domainDef->os.arch, "ppc64"))
+ model = VIR_DOMAIN_CONTROLLER_MODEL_USB_PCI_OHCI;
+ else
+ model = VIR_DOMAIN_CONTROLLER_MODEL_USB_PIIX3_UHCI;
+ }
smodel = qemuControllerModelUSBTypeToString(model);
caps = qemuControllerModelUSBToCaps(model);
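Review bot: the commit message speaks of pseries systems, but the new default is chosen on STREQ(domainDef->os.arch, "ppc64") alone, so every ppc64 machine type gets VIR_DOMAIN_CONTROLLER_MODEL_USB_PCI_OHCI; either also check the machine type or reword the message. If os.arch can be NULL at this point STREQ will dereference it, so STREQ_NULLABLE would be safer, and a one-line comment on why ppc64 differs from the PIIX3 default would help.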
@@ -2701,7 +2706,7 @@ qemuBuildControllerDevStr(virDomainDefPtr domainDef,
break;
case VIR_DOMAIN_CONTROLLER_TYPE_USB:
- if (qemuBuildUSBControllerDevStr(def, qemuCaps, &buf) == -1)
+ if (qemuBuildUSBControllerDevStr(domainDef, def, qemuCaps, &buf) == -1)
goto error;
if (nusbcontroller)
12 years, 6 months
[libvirt] Fwd: libvirt secret support password or encryption keys?
by Zhimou Peng
FWD
Hi, all
Pls help, I'm reviewing the man doc of libvirt secrets
# man virsh
...
SECRET COMMMANDS
The following commands manipulate "secrets" (e.g. passwords, passphrases -----> secret-set-value only support base64 "passphrases"
and encryption keys). Libvirt can store secrets independently from their
use, and other objects (e.g. volumes or domains) can refer to the secrets
for encryption or possibly other uses. Secrets are identified using an
UUID. See <http://libvirt.org/formatsecret.html> for documentation of
the XML format used to represent properties of secrets.
...
So, I want to know if libvirt supports the other 2 kinds of "secrets". And if so, how to use password and encryption keys? If libvirt does not support that, I will file a bug for this man doc.
BR
zhpeng
----- Forwarded Message -----
From: "Zhimou Peng" <zhpeng(a)redhat.com>
To: "Daniel Berrange" <berrange(a)redhat.com>
Sent: Thursday, June 14, 2012 1:38:09 PM
Subject: Fwd: libvirt secret support password or encryption keys?
Hi, Daniel
I saw your blog: http://berrange.com/posts/2009/12/02/using-qcow2-disk-encryption-wit...
and there is only "type=passphrases", so how can I use password or encryption keys?
zhpeng
BR
----- Forwarded Message -----
From: "Zhimou Peng" <zhpeng(a)redhat.com>
To: "Daniel Berrange" <berrange(a)redhat.com>
Cc: "s3-bug-review" <s3-bug-review(a)redhat.com>
Sent: Tuesday, June 12, 2012 2:03:05 PM
Subject: libvirt secret support password or encryption keys?
Hi all,
# man virsh
...
SECRET COMMMANDS
The following commands manipulate "secrets" (e.g. passwords, passphrases -----> secret-set-value only support base64 "passphrases"
and encryption keys). Libvirt can store secrets independently from their
use, and other objects (e.g. volumes or domains) can refer to the secrets
for encryption or possibly other uses. Secrets are identified using an
UUID. See <http://libvirt.org/formatsecret.html> for documentation of
the XML format used to represent properties of secrets.
...
So, I want to know if libvirt supports the other 2 kinds of "secrets". And if so, how to use password and encryption keys? If libvirt does not support that, I will file a bug for this man doc.
zhpeng
BR
12 years, 6 months