From nobody Thu Apr 25 22:45:47 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) client-ip=170.10.129.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail(p=reject dis=none) header.from=il.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1678701080; cv=none; d=zohomail.com; s=zohoarc; b=EWKzTi2k5lWS7Z1Y4RIyXQiB0MqJ32xYUbXjoLX4Bri4fJWOg1wFaV4pHUlPDs0ElYB5svd3bxabcEzpuKtIX9KBnwSFp+WMKFwf50TJF+FkkJJ7anJgEOOo/xC2xDWnqinNM4A0yGlnIxsWctJbFjY6SHIDCTCEVby3OFFDCH0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678701080; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=OlkQ+UmqZNS2gpdNtd4od0+CK8J8t9KzpYcSd4+/QbE=; b=SGGpiLwZVG/IIykAcNAwb1wktP0xowmeL4fJXsWCk9Vs5oyVkwFOX3dCAcav3zJRW0e4BNqXP/pGcaGkpOdw5l6bOc6ywY85OYkts6sqjA7eh152CXH9+eCEWzKw81scuoJLE/nArikst7O5Z+XxtcMRweiXlQOrL7HXzdcFVCM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail header.from= (p=reject dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com with SMTPS id 1678701080160746.7549417392948; Mon, 13 Mar 2023 02:51:20 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-401-inlUTgsxPn2bt0wHeZiK_A-1; Mon, 13 Mar 2023 05:51:17 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 73E12181E401; Mon, 13 Mar 2023 09:51:14 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5E45B202701E; Mon, 13 Mar 2023 09:51:14 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 3201D194658F; Mon, 13 Mar 2023 09:51:09 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id AF0301946588 for ; Mon, 13 Mar 2023 09:51:08 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id A50542166B2A; Mon, 13 Mar 2023 09:51:08 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast05.extmail.prod.ext.rdu2.redhat.com [10.11.55.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 9D8002166B26 for ; Mon, 13 Mar 2023 09:51:08 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 7F79085CBE5 for ; Mon, 13 Mar 2023 09:51:08 +0000 (UTC) Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-150-7nyWTsApNZmFkFtnY3we1w-1; Mon, 13 Mar 2023 05:51:06 -0400 Received: from pps.filterd (m0098399.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 32D7NK0h017286 for ; Mon, 13 Mar 2023 09:51:05 GMT Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3p933kh8fc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 13 Mar 2023 09:51:04 +0000 Received: from m0098399.ppops.net (m0098399.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 32D7Pv0A027055 for ; Mon, 13 Mar 2023 09:51:04 GMT Received: from ppma01wdc.us.ibm.com (fd.55.37a9.ip4.static.sl-reverse.com [169.55.85.253]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3p933kh8f0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 13 Mar 2023 09:51:04 +0000 Received: from pps.filterd (ppma01wdc.us.ibm.com [127.0.0.1]) by ppma01wdc.us.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 32D7EijA019322; Mon, 13 Mar 2023 09:51:03 GMT Received: from smtprelay05.wdc07v.mail.ibm.com ([9.208.129.117]) by ppma01wdc.us.ibm.com (PPS) with ESMTPS id 3p8h96mv6t-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 13 Mar 2023 09:51:03 +0000 Received: from smtpav05.wdc07v.mail.ibm.com (smtpav05.wdc07v.mail.ibm.com [10.39.53.232]) by smtprelay05.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 32D9p0qt59113972 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 13 Mar 2023 09:51:00 GMT Received: from smtpav05.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 17F6A58059; Mon, 13 Mar 2023 09:51:00 +0000 (GMT) Received: from smtpav05.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2458C58043; Mon, 13 Mar 2023 09:50:59 +0000 (GMT) Received: from oro.sl.cloud9.ibm.com (unknown [9.59.192.176]) by smtpav05.wdc07v.mail.ibm.com (Postfix) with ESMTP; Mon, 13 Mar 2023 09:50:58 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1678701079; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=OlkQ+UmqZNS2gpdNtd4od0+CK8J8t9KzpYcSd4+/QbE=; b=GtNDY/XvajePP0LNAZBJRgO+K9Zo4qhq62yaQS+I2/NJg9RyHMMherRcgUUYCduO3Kh9jh pYyoeUEoTaCEruK+iuQarRHyImTqrFAthnpMvgJFwX3gEidwHnsG/trb7oSLCkN2Ci07y7 NiYXG3lAoHD1EfPx7BWYrZIU3frBiEA= X-MC-Unique: inlUTgsxPn2bt0wHeZiK_A-1 X-Original-To: libvir-list@listman.corp.redhat.com X-MC-Unique: 7nyWTsApNZmFkFtnY3we1w-1 From: Or Ozeri To: libvir-list@redhat.com Subject: [PATCH v2 5/7] qemu: add support for librbd layered encryption Date: Mon, 13 Mar 2023 04:50:21 -0500 Message-Id: <20230313095023.3477917-6-oro@il.ibm.com> In-Reply-To: <20230313095023.3477917-1-oro@il.ibm.com> References: <20230313095023.3477917-1-oro@il.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: BlTzaiprkqcIkDlbtstKd-WyZgnnjy0s X-Proofpoint-ORIG-GUID: ad7F7NcZyIP6fOgu23I3pXzMFrlEPvsW X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-03-13_01,2023-03-10_01,2023-02-09_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 impostorscore=0 mlxscore=0 clxscore=1015 priorityscore=1501 suspectscore=0 adultscore=0 malwarescore=0 phishscore=0 mlxlogscore=999 spamscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2303130069 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.6 X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: oro@il.ibm.com, idryomov@gmail.com, dannyh@il.ibm.com Errors-To: libvir-list-bounces@redhat.com Sender: "libvir-list" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1678701081759100002 Content-Type: text/plain; charset="utf-8"; x-default="true" This commit enables libvirt users to use layered encryption of RBD images, using the librbd encryption engine. This allows opening of an encrypted cloned image whose parent is encrypted with a possibly different encryption key. To open such images, multiple encryption secrets are expected to be defined under the encryption XML tag. Signed-off-by: Or Ozeri --- docs/formatstorageencryption.rst | 11 +++-- src/conf/schemas/storagecommon.rng | 4 +- src/qemu/qemu_block.c | 20 ++++++-- src/qemu/qemu_domain.c | 14 ++++++ src/qemu/qemu_validate.c | 8 ++++ ...k-rbd-encryption-layering.x86_64-7.2.0.err | 1 + ...rbd-encryption-layering.x86_64-latest.args | 39 ++++++++++++++++ .../disk-network-rbd-encryption-layering.xml | 41 +++++++++++++++++ tests/qemuxml2argvtest.c | 2 + ...-rbd-encryption-layering.x86_64-latest.xml | 46 +++++++++++++++++++ tests/qemuxml2xmltest.c | 1 + 11 files changed, 178 insertions(+), 9 deletions(-) create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption-laye= ring.x86_64-7.2.0.err create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption-laye= ring.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption-laye= ring.xml create mode 100644 tests/qemuxml2xmloutdata/disk-network-rbd-encryption-la= yering.x86_64-latest.xml diff --git a/docs/formatstorageencryption.rst b/docs/formatstorageencryptio= n.rst index 2c19473d6b..3b3e9ea379 100644 --- a/docs/formatstorageencryption.rst +++ b/docs/formatstorageencryption.rst @@ -28,7 +28,10 @@ network disks. If the engine tag is not specified, the `= `qemu`` engine will be used by default (assuming the qemu driver is used). Note that ``librbd`` e= ngine is currently only supported by the qemu VM driver, and is not supported by= the storage driver. Furthermore, the storage driver currently ignores the ``en= gine`` -tag. +tag. :since:`since 9.3.0` RBD layered encryption is supported. Layered +encryption requires a secret per each encrypted layer. The first secret +corresponds to the (child) image itself, the second secret to the parent i= mage, +and so forth. =20 The ``encryption`` tag can currently contain a sequence of ``secret`` tags= , each with mandatory attributes ``type`` and either ``uuid`` or ``usage`` ( @@ -55,7 +58,8 @@ added to libvirt. The ``luks`` format is specific to a luks encrypted volume and the secret = is used in order to either encrypt during volume creation or decrypt the volu= me for usage by the domain. A single ```` element = is -expected. :since:`Since 2.1.0` . +expected (except for the case of RBD layered encryption mentioned above). +:since:`Since 2.1.0` . =20 For volume creation, it is possible to specify the encryption algorithm us= ed to encrypt the luks volume. The following two optional elements may be provid= ed for @@ -102,7 +106,8 @@ can only be applied to RBD network disks (RBD images). = Since the ``librbd`` engine is currently not supported by the libvirt storage driver, you canno= t use it to control such disks. However, pre-formatted RBD luks2 disks can be lo= aded to a qemu VM using the qemu VM driver. A single -```` element is expected. +```` element is expected (except for the ca= se of +RBD layered encryption mentioned above). =20 Examples -------- diff --git a/src/conf/schemas/storagecommon.rng b/src/conf/schemas/storagec= ommon.rng index 23eff9ecb1..225456f03c 100644 --- a/src/conf/schemas/storagecommon.rng +++ b/src/conf/schemas/storagecommon.rng @@ -26,7 +26,9 @@ - + + + diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index 0cc3b82cca..d50cfa20c5 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -564,6 +564,8 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *src, =20 if (src->encryption && src->encryption->engine =3D=3D VIR_STORAGE_ENCRYPTION_ENGINE_LIBRB= D) { + size_t i; + switch ((virStorageEncryptionFormatType) src->encryption->format) { case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS: encformat =3D "luks"; @@ -580,11 +582,19 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *s= rc, break; } =20 - if (virJSONValueObjectAdd(&encrypt, - "s:format", encformat, - "s:key-secret", srcPriv->encinfo[0]->ali= as, - NULL) < 0) - return NULL; + for (i =3D src->encryption->nsecrets; i > 0; --i) { + g_autoptr(virJSONValue) new =3D NULL; + + /* we consume the lower layer 'encrypt' into a new object */ + if (virJSONValueObjectAdd(&new, + "s:format", encformat, + "s:key-secret", srcPriv->encinfo[i-1= ]->alias, + "A:parent", &encrypt, + NULL) < 0) + return NULL; + + encrypt =3D g_steal_pointer(&new); + } } =20 if (virJSONValueObjectAdd(&ret, diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 638788c614..726d0ab0a1 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -5198,6 +5198,12 @@ qemuDomainValidateStorageSource(virStorageSource *sr= c, return -1; } =20 + if (src->encryption->nsecrets > 1) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("qemu encryption engine expects only = a single secret")); + return -1; + } + break; =20 case VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD: @@ -5213,6 +5219,14 @@ qemuDomainValidateStorageSource(virStorageSource *sr= c, _("librbd encryption is supported only = with RBD backed disks")); return -1; } + + if (src->encryption->nsecrets > 1) { + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_RBD_ENCRYPTION= _LAYERING)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("librbd encryption layering is no= t supported by this QEMU binary")); + return -1; + } + } break; =20 case VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT: diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index 0146220d8f..345e3eef45 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -3351,6 +3351,14 @@ qemuValidateDomainDeviceDefDisk(const virDomainDiskD= ef *disk, return -1; } =20 + if (disk->bus =3D=3D VIR_DOMAIN_DISK_BUS_SD && + disk->src && disk->src->encryption && disk->src->encryption->nsecr= ets > 1) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("sd card '%s' does not support multiple encryptio= n secrets"), + disk->dst); + return -1; + } + if (disk->src->type =3D=3D VIR_STORAGE_TYPE_VHOST_USER) { if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_VHOST_USER_BLK)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption-layering.x8= 6_64-7.2.0.err b/tests/qemuxml2argvdata/disk-network-rbd-encryption-layerin= g.x86_64-7.2.0.err new file mode 100644 index 0000000000..73e5b2a1f3 --- /dev/null +++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption-layering.x86_64-7.= 2.0.err @@ -0,0 +1 @@ +unsupported configuration: librbd encryption layering is not supported by = this QEMU binary diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption-layering.x8= 6_64-latest.args b/tests/qemuxml2argvdata/disk-network-rbd-encryption-layer= ing.x86_64-latest.args new file mode 100644 index 0000000000..c9e1a0cc72 --- /dev/null +++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption-layering.x86_64-la= test.args @@ -0,0 +1,39 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/var/lib/libvirt/qemu/domain--1-encryptdisk \ +USER=3Dtest \ +LOGNAME=3Dtest \ +XDG_DATA_HOME=3D/var/lib/libvirt/qemu/domain--1-encryptdisk/.local/share \ +XDG_CACHE_HOME=3D/var/lib/libvirt/qemu/domain--1-encryptdisk/.cache \ +XDG_CONFIG_HOME=3D/var/lib/libvirt/qemu/domain--1-encryptdisk/.config \ +/usr/bin/qemu-system-x86_64 \ +-name guest=3Dencryptdisk,debug-threads=3Don \ +-S \ +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/va= r/lib/libvirt/qemu/domain--1-encryptdisk/master-key.aes"}' \ +-machine pc-i440fx-2.1,usb=3Doff,dump-guest-core=3Doff,memory-backend=3Dpc= .ram,acpi=3Doff \ +-accel tcg \ +-cpu qemu64 \ +-m 1024 \ +-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}= ' \ +-overcommit mem-lock=3Doff \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ +-rtc base=3Dutc \ +-no-shutdown \ +-boot strict=3Don \ +-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0= x2"}' \ +-object '{"qom-type":"secret","id":"libvirt-1-format-encryption-secret0","= data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k= eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \ +-object '{"qom-type":"secret","id":"libvirt-1-format-encryption-secret1","= data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k= eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \ +-object '{"qom-type":"secret","id":"libvirt-1-format-encryption-secret2","= data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k= eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \ +-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"= :"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"= },{"host":"mon3.example.org","port":"6322"}],"encrypt":{"format":"luks","ke= y-secret":"libvirt-1-format-encryption-secret0","parent":{"format":"luks","= key-secret":"libvirt-1-format-encryption-secret1","parent":{"format":"luks"= ,"key-secret":"libvirt-1-format-encryption-secret2"}}},"node-name":"libvirt= -1-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw= ","file":"libvirt-1-storage"}' \ +-device '{"driver":"virtio-blk-pci","bus":"pci.0","addr":"0x2","drive":"li= bvirt-1-format","id":"virtio-disk0","bootindex":1}' \ +-audiodev '{"id":"audio1","driver":"none"}' \ +-device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.0","add= r":"0x3"}' \ +-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource= control=3Ddeny \ +-msg timestamp=3Don diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption-layering.xm= l b/tests/qemuxml2argvdata/disk-network-rbd-encryption-layering.xml new file mode 100644 index 0000000000..8c2c008dc3 --- /dev/null +++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption-layering.xml @@ -0,0 +1,41 @@ + + encryptdisk + 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 + 1048576 + 524288 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + + + + + + + + + +
+ + + + + +
+ + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index c879fa90e0..94e88f7eab 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -1247,6 +1247,8 @@ mymain(void) DO_TEST_CAPS_LATEST("disk-network-rbd"); DO_TEST_CAPS_VER_PARSE_ERROR("disk-network-rbd-encryption", "6.0.0"); DO_TEST_CAPS_LATEST("disk-network-rbd-encryption"); + DO_TEST_CAPS_VER_PARSE_ERROR("disk-network-rbd-encryption-layering", "= 7.2.0"); + DO_TEST_CAPS_LATEST("disk-network-rbd-encryption-layering"); DO_TEST_CAPS_LATEST_PARSE_ERROR("disk-encryption-wrong"); DO_TEST_CAPS_LATEST("disk-network-rbd-no-colon"); /* qemu-6.0 is the last qemu version supporting sheepdog */ diff --git a/tests/qemuxml2xmloutdata/disk-network-rbd-encryption-layering.= x86_64-latest.xml b/tests/qemuxml2xmloutdata/disk-network-rbd-encryption-la= yering.x86_64-latest.xml new file mode 100644 index 0000000000..e3a9463e43 --- /dev/null +++ b/tests/qemuxml2xmloutdata/disk-network-rbd-encryption-layering.x86_64-= latest.xml @@ -0,0 +1,46 @@ + + encryptdisk + 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 + 1048576 + 524288 + 1 + + hvm + + + + qemu64 + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + + + + + + + +
+ + +
+ + + + +