From nobody Wed Apr 24 14:17:41 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) client-ip=170.10.129.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail(p=reject dis=none) header.from=il.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1678701082; cv=none; d=zohomail.com; s=zohoarc; b=bTUUBcxdvX6/Czf2VayTQv/OQ/Q9xA36SDLujsJQ3YD7HlWtrGHQloxE9RtnmlD+sRs8mUH+sEemd/i5rUO+OTf3qYahDbcv9djjwo1JO49qV1NbgHXVmzr/7Az0qSwMOozq6LygaR9UGKtYQg5Mo5sa5q6aKKFV3jTTE+Bf+g8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678701082; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=SteeUy0Udkwi8qsouh1kN21GK8LJUyz+prkhf91iZoI=; b=YoJQehOp/MJkoHUF3C1yNy3k/F9ALr6PK7H7PO2SyoeGi22L3DWSysXzSz4o2LgFa3gGoWPb3eG8pkNEnZCSq/YBX4zwRcgYwGXueX/DjCEROkvPzBXeDWzo8iRz5lffaWlyzYCGVrZVkEA1Bo2kmYZ+M2LrPLjZf4sB5KRCFrU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail header.from= (p=reject dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com with SMTPS id 1678701082860396.39470176061764; Mon, 13 Mar 2023 02:51:22 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-607-JTFDLgpUPdG9UVNVk7bqBA-1; Mon, 13 Mar 2023 05:51:20 -0400 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 2A4CC3C025C5; Mon, 13 Mar 2023 09:51:18 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 146A7400F50; Mon, 13 Mar 2023 09:51:18 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 05CCB194658F; Mon, 13 Mar 2023 09:51:18 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id B19DC1946588 for ; Mon, 13 Mar 2023 09:51:16 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id A84812A68; Mon, 13 Mar 2023 09:51:16 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast09.extmail.prod.ext.rdu2.redhat.com [10.11.55.25]) by smtp.corp.redhat.com (Postfix) with ESMTPS id A09D11731B for ; Mon, 13 Mar 2023 09:51:16 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-2.mimecast.com [207.211.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 7C10D299E745 for ; Mon, 13 Mar 2023 09:51:16 +0000 (UTC) Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-625-a_GdMtwNOxmbi61GgqubCQ-1; Mon, 13 Mar 2023 05:51:14 -0400 Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 32D8DJ5Z029740 for ; Mon, 13 Mar 2023 09:51:13 GMT Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3p937u8we9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 13 Mar 2023 09:51:13 +0000 Received: from m0098419.ppops.net (m0098419.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 32D883rh012469 for ; Mon, 13 Mar 2023 09:51:13 GMT Received: from ppma02wdc.us.ibm.com (aa.5b.37a9.ip4.static.sl-reverse.com [169.55.91.170]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3p937u8we4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 13 Mar 2023 09:51:13 +0000 Received: from pps.filterd (ppma02wdc.us.ibm.com [127.0.0.1]) by ppma02wdc.us.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 32D7Fnv3017779; Mon, 13 Mar 2023 09:51:12 GMT Received: from smtprelay01.wdc07v.mail.ibm.com ([9.208.129.119]) by ppma02wdc.us.ibm.com (PPS) with ESMTPS id 3p8h97cx45-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 13 Mar 2023 09:51:12 +0000 Received: from smtpav05.wdc07v.mail.ibm.com (smtpav05.wdc07v.mail.ibm.com [10.39.53.232]) by smtprelay01.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 32D9p9KR16187748 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 13 Mar 2023 09:51:09 GMT Received: from smtpav05.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6DB5C5805F; Mon, 13 Mar 2023 09:51:09 +0000 (GMT) Received: from smtpav05.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 97C2B58061; Mon, 13 Mar 2023 09:51:08 +0000 (GMT) Received: from oro.sl.cloud9.ibm.com (unknown [9.59.192.176]) by smtpav05.wdc07v.mail.ibm.com (Postfix) with ESMTP; Mon, 13 Mar 2023 09:51:08 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1678701081; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=SteeUy0Udkwi8qsouh1kN21GK8LJUyz+prkhf91iZoI=; b=EziNSZYUw/2FN+hrSWVgkd513boo2lr5IwRRgwS57gwlIpCbYn/XfRkmqdvQJ5WB4gF7cl adW0QJIKFAkra6gxyqVe1Xk7VZ610UHIk5YVtPX769W+uhoH6A2n0ELN9HVW89+5v2aQBU FTQIPFIlGTm4E5AWdezNwBg8Cidl/LQ= X-MC-Unique: JTFDLgpUPdG9UVNVk7bqBA-1 X-Original-To: libvir-list@listman.corp.redhat.com X-MC-Unique: a_GdMtwNOxmbi61GgqubCQ-1 From: Or Ozeri To: libvir-list@redhat.com Subject: [PATCH v2 7/7] qemu: add luks-any encryption support for RBD images Date: Mon, 13 Mar 2023 04:50:23 -0500 Message-Id: <20230313095023.3477917-8-oro@il.ibm.com> In-Reply-To: <20230313095023.3477917-1-oro@il.ibm.com> References: <20230313095023.3477917-1-oro@il.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: gRF4OECSK9LW9ao8EFgDu_J5dczYQzqk X-Proofpoint-GUID: vYp3Xj8xl2jxAlVvgUyjbM08_6PZrpRa X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-03-13_02,2023-03-10_01,2023-02-09_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 spamscore=0 lowpriorityscore=0 mlxlogscore=999 phishscore=0 suspectscore=0 malwarescore=0 clxscore=1015 mlxscore=0 impostorscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2303130078 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: oro@il.ibm.com, idryomov@gmail.com, dannyh@il.ibm.com Errors-To: libvir-list-bounces@redhat.com Sender: "libvir-list" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.10 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1678701083728100005 Content-Type: text/plain; charset="utf-8"; x-default="true" The newly added luks-any rbd encryption format in qemu allows for opening both LUKS and LUKS2 encryption formats. This commit enables libvirt uses to use this wildcard format. Signed-off-by: Or Ozeri --- docs/formatstorageencryption.rst | 9 ++++ src/conf/schemas/storagecommon.rng | 1 + src/conf/storage_encryption_conf.c | 2 +- src/conf/storage_encryption_conf.h | 1 + src/libvirt_private.syms | 1 + src/qemu/qemu_block.c | 10 +++-- src/qemu/qemu_domain.c | 29 +++++++++++- ...k-rbd-encryption-luks-any.x86_64-7.2.0.err | 1 + ...rbd-encryption-luks-any.x86_64-latest.args | 37 ++++++++++++++++ .../disk-network-rbd-encryption-luks-any.xml | 39 ++++++++++++++++ tests/qemuxml2argvtest.c | 2 + ...-rbd-encryption-luks-any.x86_64-latest.xml | 44 +++++++++++++++++++ tests/qemuxml2xmltest.c | 1 + 13 files changed, 170 insertions(+), 7 deletions(-) create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption-luks= -any.x86_64-7.2.0.err create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption-luks= -any.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption-luks= -any.xml create mode 100644 tests/qemuxml2xmloutdata/disk-network-rbd-encryption-lu= ks-any.x86_64-latest.xml diff --git a/docs/formatstorageencryption.rst b/docs/formatstorageencryptio= n.rst index 3b3e9ea379..071ea8f4d1 100644 --- a/docs/formatstorageencryption.rst +++ b/docs/formatstorageencryption.rst @@ -109,6 +109,15 @@ to a qemu VM using the qemu VM driver. A single ```` element is expected (except for the ca= se of RBD layered encryption mentioned above). =20 +``luks-any`` format +~~~~~~~~~~~~~~~~~~~ + +The ``luks-any`` format is currently supported only by the ``librbd`` engi= ne, +and can only be applied to RBD network disks (RBD images). This format wil= l try +to parse the disk as either LUKS or LUKS2, depending on the actual on-disk +format. A single ```` element is expected (= except +for the case of RBD layered encryption mentioned above) :since:`Since 9.3.= 0` . + Examples -------- =20 diff --git a/src/conf/schemas/storagecommon.rng b/src/conf/schemas/storagec= ommon.rng index 225456f03c..14704c737e 100644 --- a/src/conf/schemas/storagecommon.rng +++ b/src/conf/schemas/storagecommon.rng @@ -14,6 +14,7 @@ qcow luks luks2 + luks-any diff --git a/src/conf/storage_encryption_conf.c b/src/conf/storage_encrypti= on_conf.c index 3651ff8cfd..639cbf2e58 100644 --- a/src/conf/storage_encryption_conf.c +++ b/src/conf/storage_encryption_conf.c @@ -41,7 +41,7 @@ VIR_ENUM_IMPL(virStorageEncryptionSecret, =20 VIR_ENUM_IMPL(virStorageEncryptionFormat, VIR_STORAGE_ENCRYPTION_FORMAT_LAST, - "default", "qcow", "luks", "luks2", + "default", "qcow", "luks", "luks2", "luks-any", ); =20 VIR_ENUM_IMPL(virStorageEncryptionEngine, diff --git a/src/conf/storage_encryption_conf.h b/src/conf/storage_encrypti= on_conf.h index 312599ad44..03f0e60feb 100644 --- a/src/conf/storage_encryption_conf.h +++ b/src/conf/storage_encryption_conf.h @@ -66,6 +66,7 @@ typedef enum { VIR_STORAGE_ENCRYPTION_FORMAT_QCOW, /* Both qcow and qcow2 */ VIR_STORAGE_ENCRYPTION_FORMAT_LUKS, VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2, + VIR_STORAGE_ENCRYPTION_FORMAT_LUKS_ANY, =20 VIR_STORAGE_ENCRYPTION_FORMAT_LAST, } virStorageEncryptionFormatType; diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 6f44788233..3187112ca3 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1095,6 +1095,7 @@ virStorageVolTypeToString; =20 # conf/storage_encryption_conf.h virStorageEncryptionFormat; +virStorageEncryptionFormatTypeToString; virStorageEncryptionFree; virStorageEncryptionParseNode; =20 diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index d50cfa20c5..3fafc31084 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -575,6 +575,10 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *sr= c, encformat =3D "luks2"; break; =20 + case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS_ANY: + encformat =3D "luks-any"; + break; + case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW: case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT: case VIR_STORAGE_ENCRYPTION_FORMAT_LAST: @@ -1052,10 +1056,8 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSourc= e *src, break; =20 case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2: - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("luks2 is currently not supported by the qemu enc= ryption engine")); - return -1; - + case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS_ANY: + /* validation code asserts the above cases are impossible */ case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT: case VIR_STORAGE_ENCRYPTION_FORMAT_LAST: default: diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 726d0ab0a1..a832e75c3c 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -5186,8 +5186,10 @@ qemuDomainValidateStorageSource(virStorageSource *sr= c, break; =20 case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2: - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("luks2 is currently not supported= by the qemu encryption engine")); + case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS_ANY: + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("'%s' is currently not supported = by the qemu encryption engine"), + virStorageEncryptionFormatTypeToStr= ing(src->encryption->format)); return -1; =20 case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT: @@ -5227,6 +5229,29 @@ qemuDomainValidateStorageSource(virStorageSource *sr= c, return -1; } } + + switch ((virStorageEncryptionFormatType) src->encryption->= format) { + case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS: + case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2: + break; + + case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS_ANY: + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_RBD_ENCRYP= TION_LUKS_ANY)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s= ", + _("luks-any encryption is not s= upported by this QEMU binary")); + return -1; + } + break; + + case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW: + /* validation code above already asserts this case= is impossible */ + case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT: + case VIR_STORAGE_ENCRYPTION_FORMAT_LAST: + default: + virReportEnumRangeError(virStorageEncryptionFormat= Type, + src->encryption->format); + return -1; + } break; =20 case VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT: diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption-luks-any.x8= 6_64-7.2.0.err b/tests/qemuxml2argvdata/disk-network-rbd-encryption-luks-an= y.x86_64-7.2.0.err new file mode 100644 index 0000000000..66b2a65ac1 --- /dev/null +++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption-luks-any.x86_64-7.= 2.0.err @@ -0,0 +1 @@ +unsupported configuration: luks-any encryption is not supported by this QE= MU binary diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption-luks-any.x8= 6_64-latest.args b/tests/qemuxml2argvdata/disk-network-rbd-encryption-luks-= any.x86_64-latest.args new file mode 100644 index 0000000000..5dedfc5f6b --- /dev/null +++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption-luks-any.x86_64-la= test.args @@ -0,0 +1,37 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/var/lib/libvirt/qemu/domain--1-encryptdisk \ +USER=3Dtest \ +LOGNAME=3Dtest \ +XDG_DATA_HOME=3D/var/lib/libvirt/qemu/domain--1-encryptdisk/.local/share \ +XDG_CACHE_HOME=3D/var/lib/libvirt/qemu/domain--1-encryptdisk/.cache \ +XDG_CONFIG_HOME=3D/var/lib/libvirt/qemu/domain--1-encryptdisk/.config \ +/usr/bin/qemu-system-x86_64 \ +-name guest=3Dencryptdisk,debug-threads=3Don \ +-S \ +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/va= r/lib/libvirt/qemu/domain--1-encryptdisk/master-key.aes"}' \ +-machine pc-i440fx-2.1,usb=3Doff,dump-guest-core=3Doff,memory-backend=3Dpc= .ram,acpi=3Doff \ +-accel tcg \ +-cpu qemu64 \ +-m 1024 \ +-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}= ' \ +-overcommit mem-lock=3Doff \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ +-rtc base=3Dutc \ +-no-shutdown \ +-boot strict=3Don \ +-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0= x2"}' \ +-object '{"qom-type":"secret","id":"libvirt-1-format-encryption-secret0","= data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k= eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \ +-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"= :"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"= },{"host":"mon3.example.org","port":"6322"}],"encrypt":{"format":"luks-any"= ,"key-secret":"libvirt-1-format-encryption-secret0"},"node-name":"libvirt-1= -storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw= ","file":"libvirt-1-storage"}' \ +-device '{"driver":"virtio-blk-pci","bus":"pci.0","addr":"0x2","drive":"li= bvirt-1-format","id":"virtio-disk0","bootindex":1}' \ +-audiodev '{"id":"audio1","driver":"none"}' \ +-device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.0","add= r":"0x3"}' \ +-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource= control=3Ddeny \ +-msg timestamp=3Don diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption-luks-any.xm= l b/tests/qemuxml2argvdata/disk-network-rbd-encryption-luks-any.xml new file mode 100644 index 0000000000..37d9900e74 --- /dev/null +++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption-luks-any.xml @@ -0,0 +1,39 @@ + + encryptdisk + 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 + 1048576 + 524288 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + + + + + + + +
+ + + + + +
+ + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 94e88f7eab..7bc2a134a7 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -1249,6 +1249,8 @@ mymain(void) DO_TEST_CAPS_LATEST("disk-network-rbd-encryption"); DO_TEST_CAPS_VER_PARSE_ERROR("disk-network-rbd-encryption-layering", "= 7.2.0"); DO_TEST_CAPS_LATEST("disk-network-rbd-encryption-layering"); + DO_TEST_CAPS_VER_PARSE_ERROR("disk-network-rbd-encryption-luks-any", "= 7.2.0"); + DO_TEST_CAPS_LATEST("disk-network-rbd-encryption-luks-any"); DO_TEST_CAPS_LATEST_PARSE_ERROR("disk-encryption-wrong"); DO_TEST_CAPS_LATEST("disk-network-rbd-no-colon"); /* qemu-6.0 is the last qemu version supporting sheepdog */ diff --git a/tests/qemuxml2xmloutdata/disk-network-rbd-encryption-luks-any.= x86_64-latest.xml b/tests/qemuxml2xmloutdata/disk-network-rbd-encryption-lu= ks-any.x86_64-latest.xml new file mode 100644 index 0000000000..d9f4ad17d9 --- /dev/null +++ b/tests/qemuxml2xmloutdata/disk-network-rbd-encryption-luks-any.x86_64-= latest.xml @@ -0,0 +1,44 @@ + + encryptdisk + 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 + 1048576 + 524288 + 1 + + hvm + + + + qemu64 + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + + + + + +
+ + +
+ + + + +