[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] detecting -enable-fips
|
From: |
Eric Blake |
|
Subject: |
[Qemu-devel] detecting -enable-fips |
|
Date: |
Thu, 05 Dec 2013 14:04:13 -0700 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0 |
Commit 0f66998 added the command line option -enable-fips for qemu 1.2;
but as of at least qemu 1.6, the 'query-command-line-options' QMP
monitor command does not report it. This is particularly annoying since
the command line option is conditional - it is present in Linux builds
but absent in BSD builds. Does anyone know of any other QMP method for
querying if this command line option is supported? Or am I just
relegated to trying it and seeing if the option gets rejected?
[I'm personally of the opinion that libvirt should use -enable-fips 100%
of the time; I don't really see what it is buying us to have an option
that can be enabled but not disabled, and where enabling it has no
impact except when running in FIPS mode; especially when the other
libraries in use on the system already honor FIPS mode without any extra
command line option. But I'm not going to be the one to argue for a
change in behavior other than the mere detection of the option.]
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
- [Qemu-devel] detecting -enable-fips,
Eric Blake <=