From: Paolo Bonzini <pbonzini@redhat.com>
To: Eric Blake <eblake@redhat.com>
Cc: "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] detecting -enable-fips
Date: Fri, 13 Dec 2013 17:14:13 +0100 [thread overview]
Message-ID: <52AB3255.3020509@redhat.com> (raw)
In-Reply-To: <52A0EA4D.1020606@redhat.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Il 05/12/2013 22:04, Eric Blake ha scritto:
> Commit 0f66998 added the command line option -enable-fips for qemu
> 1.2; but as of at least qemu 1.6, the 'query-command-line-options'
> QMP monitor command does not report it. This is particularly
> annoying since the command line option is conditional - it is
> present in Linux builds but absent in BSD builds. Does anyone know
> of any other QMP method for querying if this command line option is
> supported?
No, there is none.
query-command-line-options only queries QemuOpts-based options, and
non-QemuOpts-based options are hardly being added (because QemuOpts
also means that people can use the simpler -readconfig interface).
> Or am I just relegated to trying it and seeing if the option gets
> rejected?
I think libvirt should use -enable-fips unconditionally if FIPS mode
is enabled, even if that means that old QEMU will not work at all. On
BSDs, FIPS mode will never be enabled, so no problem.
> [I'm personally of the opinion that libvirt should use -enable-fips
> 100% of the time; I don't really see what it is buying us to have
> an option that can be enabled but not disabled, and where enabling
> it has no impact except when running in FIPS mode; especially when
> the other libraries in use on the system already honor FIPS mode
> without any extra command line option. But I'm not going to be the
> one to argue for a change in behavior other than the mere detection
> of the option.]
I agree.
Paolo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJSqzJVAAoJEBvWZb6bTYbyA18P/0aYqDg6yZZp2HRVti0UeLgF
bBltlo9aXuqjj2CEYqQYhLSg+445WSmL2zkLwsMPX7OxFSoUgXJHCTprsV3Zxl+f
yeBTo0xmgrFHDkJjCs0N6Z7TRUQYRtXoWhclf++PjsJWQi3qXtOYHl/RURzKLlKX
vjKwD7zlX7zbWmz9x2S3xNRWi/LVk2ibKkUvCQiV0YXRnkjR2btZoFWUs75WGbH6
2IdBwpYgVspDmr/cQqd+tycmSMkViLIJ8ObIxfv7j0Z6m9QJeHK2O/skg+DNHRsl
1cuQOQyAftblP8i0W+PX2E3khl+0miskzNf2GPWOGDF2SpkaQni+it3XzrgTeG57
N3sf4TaFe5y73eL3aL9evgOkGItDOHV19p5K1QNVWCM2fXyJI5/a4lEVMJenJ3HV
ngyvJhOKTFfgieoCmBCN8xH57Qper4M1OW6TRZhrydIvxUSKRHpdIvt9X3xHlw21
Nmfo98OzcOEvNxaXPfKlMNylVba4iHbyQ98uA2E5XcFbxEQTFUxOyqkXbp8NaFJD
gtMOlKuV7xLDb/sVxi2/ZQbyFmkGfazrv1OdaYYROylcdwX2XoYgt4559GZOFD6+
TeG1tn2d1aAKB/aahHyJCcnZQdQ9itEIPUIAjy5zOgeBAm+CN/BASh73xdsbwiI7
bAE+IUsDscdxmD5YzVhs
=+Pwh
-----END PGP SIGNATURE-----
prev parent reply other threads:[~2013-12-13 16:14 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-05 21:04 [Qemu-devel] detecting -enable-fips Eric Blake
2013-12-13 16:05 ` Eric Blake
2013-12-13 16:14 ` Paolo Bonzini [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52AB3255.3020509@redhat.com \
--to=pbonzini@redhat.com \
--cc=eblake@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.