From: Stefan Berger
To: libvir-list@redhat.com
Date: Thu, 10 May 2018 17:57:31 -0400
Message-Id: <1525989457-29715-6-git-send-email-stefanb@linux.vnet.ibm.com>
In-Reply-To: <1525989457-29715-1-git-send-email-stefanb@linux.vnet.ibm.com>
Subject: [libvirt] [PATCH v4 05/11] qemu: Extend qemu_conf with tpm-emulator support

Extend qemu_conf with user and group for running the tpm-emulator and add directories to the configuration for the locations of the log, state, and socket of the tpm-emulator.

Also add these new directories to the QEMU Makefile.inc.am and the RPM spec file libvirt.spec.in.

Signed-off-by: Stefan Berger
Reviewed-by: John Ferlan
---
 libvirt.spec.in                    |  2 ++
 src/qemu/Makefile.inc.am           |  6 ++++++
 src/qemu/libvirtd_qemu.aug         |  5 +++++
 src/qemu/qemu.conf                 |  8 +++++++
 src/qemu/qemu_conf.c               | 43 ++++++++++++++++++++++++++++++++++++++
 src/qemu/qemu_conf.h               |  6 ++++++
 src/qemu/test_libvirtd_qemu.aug.in |  2 ++
 7 files changed, 72 insertions(+)

diff --git a/libvirt.spec.in b/libvirt.spec.in index 9ea5e6b..cd24453 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1900,6 +1900,8 @@ exit 0 %{_datadir}/augeas/lenses/libvirtd_qemu.aug %{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug %{_libdir}/%{name}/connection-driver/libvirt_driver_qemu.so +%dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/swtpm/ +%dir %attr(0711, root, root) %{_localstatedir}/log/swtpm/libvirt/qemu/ %endif =20 %if %{with_lxc} diff --git a/src/qemu/Makefile.inc.am b/src/qemu/Makefile.inc.am index 63e7c87..7f50501 100644 --- a/src/qemu/Makefile.inc.am +++ b/src/qemu/Makefile.inc.am
@@ -129,12 +129,18 @@ install-data-qemu: $(MKDIR_P) "$(DESTDIR)$(localstatedir)/run/libvirt/qemu" $(MKDIR_P) "$(DESTDIR)$(localstatedir)/cache/libvirt/qemu" $(MKDIR_P) "$(DESTDIR)$(localstatedir)/log/libvirt/qemu" + $(MKDIR_P) "$(DESTDIR)$(localstatedir)/lib/libvirt/swtpm" + $(MKDIR_P) "$(DESTDIR)$(localstatedir)/run/libvirt/qemu/swtpm" + $(MKDIR_P) "$(DESTDIR)$(localstatedir)/log/swtpm/libvirt/qemu" =20 uninstall-data-qemu: rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/qemu" ||: rmdir "$(DESTDIR)$(localstatedir)/run/libvirt/qemu" ||: rmdir "$(DESTDIR)$(localstatedir)/cache/libvirt/qemu" ||: rmdir "$(DESTDIR)$(localstatedir)/log/libvirt/qemu" ||: + rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/swtpm" + rmdir "$(DESTDIR)$(localstatedir)/run/libvirt/qemu/swtpm" ||: + rmdir "$(DESTDIR)$(localstatedir)/log/swtpm/libvirt/qemu" ||: =20 endif WITH_QEMU =20 diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug index c19bf3a..23bfe67 100644 --- a/src/qemu/libvirtd_qemu.aug +++ b/src/qemu/libvirtd_qemu.aug @@ -118,6 +118,9 @@ module Libvirtd_qemu =3D let vxhs_entry =3D bool_entry "vxhs_tls" | str_entry "vxhs_tls_x509_cert_dir" =20 + let swtpm_user_entry =3D str_entry "swtpm_user" + let swtpm_group_entry =3D str_entry "swtpm_group" + (* Each entry in the config is one of the following ... *) let entry =3D default_tls_entry | vnc_entry @@ -137,6 +140,8 @@ module Libvirtd_qemu =3D | gluster_debug_level_entry | memory_entry | vxhs_entry + | swtpm_user_entry + | swtpm_group_entry =20 let comment =3D [ label "#comment" . del /#[ \t]*/ "# " . store /([^ \= t\n][^\n]*)?/ . del /\n/ "\n" ] let empty =3D [ label "#empty" . eol ] diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index 3444185..26a6dc7 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf 
@@ -779,3 +779,11 @@ # This directory is used for memoryBacking source if configured as file. # NOTE: big files will be stored here #memory_backing_dir =3D "/var/lib/libvirt/qemu/ram" + +# User for the swtpm TPM Emulator +# +# Default is 'tss'; this is the same user that tcsd (TrouSerS) installs +# and uses; alternative is 'root' +# +#swtpm_user =3D "tss" +#swtpm_group =3D "tss" diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index bfbb572..5383fd2 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -159,6 +159,10 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool pri= vileged) "%s/log/libvirt/qemu", LOCALSTATEDIR) < 0) goto error; =20 + if (virAsprintf(&cfg->swtpmLogDir, + "%s/log/swtpm/libvirt/qemu", LOCALSTATEDIR) < 0) + goto error; + if (VIR_STRDUP(cfg->configBaseDir, SYSCONFDIR "/libvirt") < 0) goto error; =20 @@ -166,6 +170,10 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool pri= vileged) "%s/run/libvirt/qemu", LOCALSTATEDIR) < 0) goto error; =20 + if (virAsprintf(&cfg->swtpmStateDir, + "%s/run/libvirt/qemu/swtpm", LOCALSTATEDIR) < 0) + goto error; + if (virAsprintf(&cfg->cacheDir, "%s/cache/libvirt/qemu", LOCALSTATEDIR) < 0) goto error; @@ -186,6 +194,13 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool pri= vileged) goto error; if (virAsprintf(&cfg->memoryBackingDir, "%s/ram", cfg->libDir) < 0) goto error; + if (virAsprintf(&cfg->swtpmStorageDir, "%s/lib/libvirt/swtpm", + LOCALSTATEDIR) < 0) + goto error; + if (virGetUserID("tss", &cfg->swtpm_user) < 0) + cfg->swtpm_user =3D 0; /* fall back to root */ + if (virGetGroupID("tss", &cfg->swtpm_group) < 0) + cfg->swtpm_group =3D 0; /* fall back to root */ } else { char *rundir; char *cachedir; 
@@ -199,6 +214,11 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool pri= vileged) VIR_FREE(cachedir); goto error; } + if (virAsprintf(&cfg->swtpmLogDir, + "%s/qemu/log", cachedir) < 0) { + VIR_FREE(cachedir); + goto error; + } if (virAsprintf(&cfg->cacheDir, "%s/qemu/cache", cachedir) < 0) { VIR_FREE(cachedir); goto error; @@ -214,6 +234,9 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool priv= ileged) } VIR_FREE(rundir); =20 + if (virAsprintf(&cfg->swtpmStateDir, "%s/swtpm", cfg->stateDir) < = 0) + goto error; + if (!(cfg->configBaseDir =3D virGetUserConfigDirectory())) goto error; =20 @@ -233,6 +256,10 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool pri= vileged) goto error; if (virAsprintf(&cfg->memoryBackingDir, "%s/qemu/ram", cfg->config= BaseDir) < 0) goto error; + if (virAsprintf(&cfg->swtpmStorageDir, "%s/qemu/swtpm", cfg->confi= gBaseDir) < 0) + goto error; + cfg->swtpm_user =3D (uid_t)-1; + cfg->swtpm_group =3D (gid_t)-1; } =20 if (virAsprintf(&cfg->configDir, "%s/qemu", cfg->configBaseDir) < 0) @@ -351,7 +378,9 @@ static void virQEMUDriverConfigDispose(void *obj) VIR_FREE(cfg->configDir); VIR_FREE(cfg->autostartDir); VIR_FREE(cfg->logDir); + VIR_FREE(cfg->swtpmLogDir); VIR_FREE(cfg->stateDir); + VIR_FREE(cfg->swtpmStateDir); =20 VIR_FREE(cfg->libDir); VIR_FREE(cfg->cacheDir); @@ -400,6 +429,7 @@ static void virQEMUDriverConfigDispose(void *obj) virFirmwareFreeList(cfg->firmwares, cfg->nfirmwares); =20 VIR_FREE(cfg->memoryBackingDir); + VIR_FREE(cfg->swtpmStorageDir); } =20 =20 @@ -471,6 +501,7 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr = cfg, size_t i, j; char *stdioHandler =3D NULL; char *user =3D NULL, *group =3D NULL; + char *swtpm_user =3D NULL, *swtpm_group =3D NULL; char **controllers =3D NULL; char **hugetlbfs =3D NULL; char **nvram =3D NULL; 
@@ -907,6 +938,16 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr= cfg, if (virConfGetValueString(conf, "memory_backing_dir", &cfg->memoryBack= ingDir) < 0) goto cleanup; =20 + if (virConfGetValueString(conf, "swtpm_user", &swtpm_user) < 0) + goto cleanup; + if (swtpm_user && virGetUserID(swtpm_user, &cfg->swtpm_user) < 0) + goto cleanup; + + if (virConfGetValueString(conf, "swtpm_group", &swtpm_group) < 0) + goto cleanup; + if (swtpm_group && virGetGroupID(swtpm_group, &cfg->swtpm_group) < 0) + goto cleanup; + ret =3D 0; =20 cleanup: @@ -917,6 +958,8 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr = cfg, VIR_FREE(corestr); VIR_FREE(user); VIR_FREE(group); + VIR_FREE(swtpm_user); + VIR_FREE(swtpm_group); virConfFree(conf); return ret; } diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h index e1ad546..19dc0bc 100644 --- a/src/qemu/qemu_conf.h +++ b/src/qemu/qemu_conf.h @@ -102,7 +102,9 @@ struct _virQEMUDriverConfig { char *configDir; char *autostartDir; char *logDir; + char *swtpmLogDir; char *stateDir; + char *swtpmStateDir; /* These two directories are ones QEMU processes use (so must match * the QEMU user/group */ char *libDir; @@ -111,6 +113,7 @@ struct _virQEMUDriverConfig { char *snapshotDir; char *channelTargetDir; char *nvramDir; + char *swtpmStorageDir; =20 char *defaultTLSx509certdir; bool checkdefaultTLSx509certdir; @@ -206,6 +209,9 @@ struct _virQEMUDriverConfig { =20 bool vxhsTLS; char *vxhsTLSx509certdir; + + uid_t swtpm_user; + gid_t swtpm_group; }; =20 /* Main driver state */ diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qe= mu.aug.in index 688e5b9..6d6e1d4 100644 --- a/src/qemu/test_libvirtd_qemu.aug.in +++ b/src/qemu/test_libvirtd_qemu.aug.in 
@@ -100,3 +100,5 @@ module Test_libvirtd_qemu =3D { "1" =3D "mount" } } { "memory_backing_dir" =3D "/var/lib/libvirt/qemu/ram" } +{ "swtpm_user" =3D "tss" } +{ "swtpm_group" =3D "tss" } --=20 2.5.5
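
Review bot: In the libvirt.spec.in hunk, both new %dir entries are owned root:root with mode 0711, while the defaults added elsewhere in this patch run swtpm as tss. With these attributes the tss account can traverse the directories but cannot create anything directly in them, so the commit message or a spec comment should say which component creates and chowns the emulator's state and log files. The Makefile hunk also creates run/libvirt/qemu/swtpm, which has no matching %dir entry here; if that is intentional, a short comment would help.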
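
Review bot: In uninstall-data-qemu in src/qemu/Makefile.inc.am, the new line `rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/swtpm"` is missing the trailing `||:` that every neighbouring rmdir carries, including the two other lines added in the same hunk. As written, uninstall fails when that directory is absent or still holds emulator state. Suggest appending `||:` to match the rest of the target.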
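
Review bot: In the src/qemu/qemu.conf hunk, the comment block describes only the user ("User for the swtpm TPM Emulator"); swtpm_group appears below it with no description. The text also offers 'root' as an alternative without mentioning that virQEMUDriverConfigNew falls back to uid and gid 0 by itself when 'tss' cannot be resolved. Suggest documenting both keys, stating the fallback, and noting that 'tss' is the less privileged choice.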
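
Review bot: In the privileged branch of virQEMUDriverConfigNew (src/qemu/qemu_conf.c, hunk at -186), a failed lookup of "tss" silently sets swtpm_user or swtpm_group to 0, so on a host without that account the emulator runs as root with no indication to the administrator. Suggest logging a warning when the fallback is taken, or deferring the failure until a TPM emulator is actually requested. The two lookups are also independent, so a host that has the tss user but not the tss group ends up with tss:root; it is worth deciding whether that mix is acceptable or whether both should fall back together.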
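
Review bot: In the unprivileged branch of virQEMUDriverConfigNew (src/qemu/qemu_conf.c, hunk at -199), swtpmLogDir is built as "%s/qemu/log" under cachedir with no swtpm component, whereas the privileged branch uses a dedicated log/swtpm/libvirt/qemu directory. If placing the emulator logs in the generic qemu/log directory is intended for session mode, a comment saying so would help; otherwise a swtpm-specific subdirectory would keep the two modes consistent.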
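
Review bot: In virQEMUDriverConfigLoadFile (src/qemu/qemu_conf.c, hunk at -907), swtpm_user and swtpm_group from qemu.conf overwrite cfg->swtpm_user and cfg->swtpm_group unconditionally, including the unprivileged case where virQEMUDriverConfigNew deliberately set them to (uid_t)-1 and (gid_t)-1. Suggest ignoring or rejecting these keys in session mode, or documenting what they mean there. Each key is also applied on its own, so setting only swtpm_user leaves the group at its default and can yield combinations such as root:tss; a note in qemu.conf or a check here would make that explicit.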