On 01/14/2011 05:24 AM, Daniel P. Berrange wrote:
On Thu, Jan 13, 2011 at 05:34:35PM -0700, Eric Blake wrote:
Assuming a hypervisor that supports multiple smartcard devices in the guest, this would be a valid XML description:
This looks pretty reasonable, but is going to require additions to the security driver code. In the SetAllLabel method of the security drivers you'll need to iterate over all smartcards.
Good catch. I'm working on that portion now. I've gone ahead and pushed 1 and 2, given that they were straight ack and were preliminary patches useful even without smartcard support.
<devices> <smartcard mode='host'/>
I guess there is some /dev/smartcard device that needs to be accessed and thus labelled here ?
I'm not sure. Alon, since -device ccid-card-emulated makes qemu use NSS to access the host's smartcard, do we need to add any particular permissions to a device file to allow qemu access to the host device (and if so, is it /dev/smartcard or something else on the host)?
ACK for the patch
Even though patch 3 is just docs, I'll hold off pushing this until I've completed incorporating the security driver fixes as well. -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org