[Qemu-devel] detecting -enable-fips

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Eric Blake <eblake@redhat.com>
To: "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>
Subject: [Qemu-devel] detecting -enable-fips
Date: Thu, 05 Dec 2013 14:04:13 -0700	[thread overview]
Message-ID: <52A0EA4D.1020606@redhat.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 1094 bytes --]

Commit 0f66998 added the command line option -enable-fips for qemu 1.2;
but as of at least qemu 1.6, the 'query-command-line-options' QMP
monitor command does not report it.  This is particularly annoying since
the command line option is conditional - it is present in Linux builds
but absent in BSD builds.  Does anyone know of any other QMP method for
querying if this command line option is supported?  Or am I just
relegated to trying it and seeing if the option gets rejected?

[I'm personally of the opinion that libvirt should use -enable-fips 100%
of the time; I don't really see what it is buying us to have an option
that can be enabled but not disabled, and where enabling it has no
impact except when running in FIPS mode; especially when the other
libraries in use on the system already honor FIPS mode without any extra
command line option.  But I'm not going to be the one to argue for a
change in behavior other than the mere detection of the option.]

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 621 bytes --]

next             reply	other threads:[~2013-12-05 21:04 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-12-05 21:04 Eric Blake [this message]
2013-12-13 16:05 ` [Qemu-devel] detecting -enable-fips Eric Blake
2013-12-13 16:14 ` Paolo Bonzini

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=52A0EA4D.1020606@redhat.com \
    --to=eblake@redhat.com \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).