From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Alexey Krasikov <alex-krasikov@yandex-team.ru>
Cc: qemu-devel@nongnu.org, yc-core@yandex-team.ru
Subject: Re: [PATCH v4 2/3] crypto/linux_keyring: add 'secret_keyring' secret object.
Date: Wed, 27 May 2020 10:46:12 +0100 [thread overview]
Message-ID: <20200527094612.GF2665520@redhat.com> (raw)
In-Reply-To: <20200525111913.4274-1-alex-krasikov@yandex-team.ru>
On Mon, May 25, 2020 at 02:19:12PM +0300, Alexey Krasikov wrote:
> Add the ability for the secret object to obtain secret data from the
> Linux in-kernel key managment and retention facility, as an extra option
> to the existing ones: reading from a file or passing directly as a
> string.
>
> The secret is identified by the key serial number. The upper layers
> need to instantiate the key and make sure the QEMU process has access
> permissions to read it.
>
> Signed-off-by: Alexey Krasikov <alex-krasikov@yandex-team.ru>
> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
> configure | 38 ++++++++
> crypto/Makefile.objs | 1 +
> crypto/secret_keyring.c | 148 ++++++++++++++++++++++++++++++++
> include/crypto/secret_keyring.h | 52 +++++++++++
> 4 files changed, 239 insertions(+)
> create mode 100644 crypto/secret_keyring.c
> create mode 100644 include/crypto/secret_keyring.h
> diff --git a/crypto/secret_keyring.c b/crypto/secret_keyring.c
> new file mode 100644
> index 0000000000..aa29004639
> --- /dev/null
> +++ b/crypto/secret_keyring.c
> +static void
> +qcrypto_secret_keyring_class_init(ObjectClass *oc, void *data)
> +{
> + QCryptoSecretCommonClass *sic = QCRYPTO_SECRET_COMMON_CLASS(oc);
> + sic->load_data = qcrypto_secret_keyring_load_data;
> +
> + UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
> + ucc->complete = qcrypto_secret_keyring_complete;
> +
> + object_class_property_add(oc, "serial", "int32_t",
> + qcrypto_secret_prop_get_key,
> + qcrypto_secret_prop_set_key,
> + NULL, NULL, NULL);
This doesn't compile because of the extra arg, so not sure how
you tested this.
Since this is the only mistake, I'll fix it myself when quueing
these patches.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
prev parent reply other threads:[~2020-05-27 9:47 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-25 11:19 [PATCH v4 2/3] crypto/linux_keyring: add 'secret_keyring' secret object Alexey Krasikov
2020-05-25 11:19 ` [PATCH v4 3/3] test-crypto-secret: add 'secret_keyring' object tests Alexey Krasikov
2020-05-27 9:46 ` Daniel P. Berrangé
2020-05-27 9:46 ` Daniel P. Berrangé [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200527094612.GF2665520@redhat.com \
--to=berrange@redhat.com \
--cc=alex-krasikov@yandex-team.ru \
--cc=qemu-devel@nongnu.org \
--cc=yc-core@yandex-team.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).