[libvirt] How libvirt address qemu command line args
z***@gmail.com
2016-10-18 06:59:02 UTC
Now I want to add some args about TPM to the domain's XML, so I can start a domain by virt-manager or other virsh command, and then I would like to use sVirt security context to label vTPM and the corresponding VM, but I do not know how to get these XML args in libvirt.
The key problem is how I can get and recognize these args!!!
Related XML content:

<qemu:commandline>
<qemu:arg value='-enable-kvm'/>
<qemu:arg value='-drive'/>
<qemu:arg value='file=/root/nvram_2.0-jin.qcow2,if=none,id=nvram0-0-0,format=qcow2'/>
<qemu:arg value='-device'/>
<qemu:arg value='tpm-tis,tpmdev=tpm-tpm0,id=tpm0'/>
<qemu:arg value='-tpmdev'/>
<qemu:arg value='libtpms,id=tpm-tpm0,nvram=nvram0-0-0,startup=clear'/>
<qemu:arg value='-bios'/>
<qemu:arg value='/root/xenSeabios/out/bios.bin'/>
</qemu:commandline>




Michal Privoznik
2016-10-19 02:17:21 UTC
Daniel P. Berrange
2016-10-19 07:35:34 UTC
Post by Michal Privoznik
Post by z***@gmail.com
Now I want to add some args about TPM to the domain's XML, so I can start a domain by virt-manager or other virsh command, and then I would like to use sVirt security context to label vTPM and the corresponding VM, but I do not know how to get these XML args in libvirt.
The key problem is how I can get and recognize these args!!!
Usually, grepping the code for cmd name <-> XML element/attribute
translation is sufficient (esp. if you grep tests/)
Post by z***@gmail.com
<qemu:commandline>
<qemu:arg value='-enable-kvm'/>
Firstly, this is obsolete in favour of "-machine accel=kvm". In any
case, <domain type='kvm'/> will do the trick (libvirt will use whatever
is supported by qemu binary in your system).
Post by z***@gmail.com
<qemu:arg value='-drive'/>
<qemu:arg value='file=/root/nvram_2.0-jin.qcow2,if=none,id=nvram0-0-0,format=qcow2'/>
Okay, this is not supported by libvirt yet. We don't really have a way
how to specify NVRAM in anything other than a raw file. BTW: isn't qcow
too big gun for NVRAM? I mean, NVRAM has a fixed size of what ~190 KB?
QCOW header is about the same size.
Post by z***@gmail.com
<qemu:arg value='-device'/>
<qemu:arg value='tpm-tis,tpmdev=tpm-tpm0,id=tpm0'/>
<qemu:arg value='-tpmdev'/>
<qemu:arg value='libtpms,id=tpm-tpm0,nvram=nvram0-0-0,startup=clear'/>
I'm not sure there's a way how to put startup=clean on the cmd line. I'm
not even sure what it does.
And I have no idea what libtpms is either :-)
Post by z***@gmail.com
<qemu:arg value='-bios'/>
<qemu:arg value='/root/xenSeabios/out/bios.bin'/>
</qemu:commandline>
On top of all that - QEMU is likely to fail to start since libvirt by
default runs it as qemu:qemu user/group, and so it won't have permission
to read any of the files in /root. If you have SELinux/AppArmor that
will also block permission.

This is an example of why usage of qemu:commandline is discouraged - it
will always have problems with permissions if you pass files using it.

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|
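
The permission problem described in the reply above can be checked before the guest is started. This is an added example, not code from the thread or from libvirt: it pulls host file paths out of `<qemu:arg>` values and walks each path's mode bits for a given uid/gid set. The function names, the injectable `stat_fn` parameter and the sample XML are assumptions made for illustration.

```python
import os
import xml.etree.ElementTree as ET

QEMU_NS = "{http://libvirt.org/schemas/domain/qemu/1.0}"

# Constructed sample: part of the thread's passthrough block inside a minimal <domain>.
SAMPLE_XML = """<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
  <qemu:commandline>
    <qemu:arg value='-drive'/>
    <qemu:arg value='file=/root/nvram_2.0-jin.qcow2,if=none,id=nvram0-0-0,format=qcow2'/>
    <qemu:arg value='-bios'/>
    <qemu:arg value='/root/xenSeabios/out/bios.bin'/>
  </qemu:commandline>
</domain>"""

def passthrough_paths(domain_xml):
    """Return (option, path) pairs for host files named in <qemu:arg> values."""
    found, option = [], None
    for arg in ET.fromstring(domain_xml).iter(QEMU_NS + "arg"):
        value = arg.get("value", "")
        if value.startswith("-"):          # option name; its value is the next arg
            option = value
        elif value.startswith("/"):        # bare path, e.g. the value of -bios
            found.append((option, value))
        else:                              # key=value list, e.g. file=/path,if=none
            for field in value.split(","):
                path = field.partition("=")[2]
                if path.startswith("/"):
                    found.append((option, path))
    return found

def first_dac_block(path, uid, gids, stat_fn=os.stat):
    """Return the first path component that uid/gids cannot pass, or None."""
    # Mode bits only; SELinux/AppArmor policy is not evaluated here.
    parts = path.strip("/").split("/")
    for i in range(len(parts) + 1):
        current = "/" + "/".join(parts[:i])
        st = stat_fn(current)
        need = 4 if i == len(parts) else 1   # r on the file, x on each directory
        if st.st_uid == uid:
            bits = st.st_mode >> 6
        elif st.st_gid in gids:
            bits = st.st_mode >> 3
        else:
            bits = st.st_mode
        if not bits & need:
            return current
    return None
```

On a real host, pass the numeric uid and group ids of the account QEMU runs as and leave `stat_fn` at its default; a path that does not exist raises `FileNotFoundError`.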