• J
    qemu: Introduce qemuDomainSecretPrepare and Destroy · 40d8e2ba
    John Ferlan 提交于
    Rather than needing to pass the conn parameter to various command
    line building API's, add qemuDomainSecretPrepare just prior to the
    qemuProcessLaunch which calls qemuBuilCommandLine. The function
    must be called after qemuProcessPrepareHost since it's expected
    to eventually need the domain masterKey generated during the prepare
    host call. Additionally, future patches may require device aliases
    (assigned during the prepare domain call) in order to associate
    the secret objects.
    
    The qemuDomainSecretDestroy is called after the qemuProcessLaunch
    finishes in order to clear and free memory used by the secrets
    that were recently prepared, so they are not kept around in memory
    too long.
    
    Placing the setup here is beneficial for future patches which will
    need the domain masterKey in order to generate an encrypted secret
    along with an initialization vector to be saved and passed (since
    the masterKey shouldn't be passed around).
    
    Finally, since the secret is not added during command line build,
    the hotplug code will need to get the secret into the private disk data.
    Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
    40d8e2ba
qemu_process.c 203.1 KB