On 1/16/19 2:41 AM, Ján Tomko wrote:
Add a capability check to qemuDomainDefValidate.
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
---
src/qemu/qemu_domain.c | 10 ++++++++++
1 file changed, 10 insertions(+)
If it were to be added, this should be merged w/ previous.
I think it's pointless due to the check in qemuBuildTLSx509BackendProps
which eventually gets called during qemuBuildGraphicsVNCCommandLine by
qemuBuildTLSx509CommandLine.
All this does is be more specific to VNC... Could have similar checks
with/for Chardev, StorageSource, and Migration to be more specific for
each and then remove the check in qemuBuildTLSx509BackendProps if the
"issue" was that the message there is too generic.
But I think the better change is to qemuBuildTLSx509BackendProps in
order to print the @tlspath or the @tlsalias in the error message in
order to show which one failed, e.g. "tls-creds-x509 for %s not supported by
this QEMU binary".
John
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index da9c4e566d..851cb6d622 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4127,6 +4127,7 @@ qemuDomainDefValidate(const virDomainDef *def,
void *opaque)
{
virQEMUDriverPtr driver = opaque;
+ virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
virQEMUCapsPtr qemuCaps = NULL;
int ret = -1;
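Review bot: the reference taken by virQEMUDriverGetConfig(driver) in the declarations is held for the whole of qemuDomainDefValidate, but the only release visible in the patch is the virObjectUnref(cfg) under cleanup:, so any exit between the declaration and that label that returns directly instead of using goto cleanup would leak it. cfg is read in a single check, so consider acquiring it immediately before that check, or confirm that every path in the unshown body goes through cleanup.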
@@ -4249,10 +4250,19 @@ qemuDomainDefValidate(const virDomainDef *def,
if (qemuDomainDefValidateMemory(def, qemuCaps) < 0)
goto cleanup;
+ if (cfg->vncTLS && cfg->vncTLSx509secretUUID &&
+ !virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("encrypted VNC TLS keys are not supported with "
+ "this QEMU binary"));
+ goto cleanup;
+ }
+
ret = 0;
cleanup:
virObjectUnref(qemuCaps);
+ virObjectUnref(cfg);
return ret;
}
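Review bot: the new condition tests only cfg->vncTLS, cfg->vncTLSx509secretUUID and the capability bit, never def, so as written it fails validation for every domain, including one with no VNC graphics device, whenever the driver config sets an encrypted VNC key and the binary lacks QEMU_CAPS_OBJECT_TLS_CREDS_X509. Gate the check on def actually containing a VNC graphics device, and consider wording the error so it is clear the unsupported setting comes from the driver configuration rather than from the domain definition being validated.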