shaba/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-22 17:34:18 +03:00
Code Releases Activity

conf: Add/Allow parsing the encryption in the disk source

Browse Source 
Since the virStorageEncryptionPtr encryption; is a member of
 _virStorageSource it really should be allowed to be a subelement
of the disk <source> for various disk formats:

   Source{File|Dir|Block|Volume}
   SourceProtocol{RBD|ISCSI|NBD|Gluster|Simple|HTTP}

NB: Simple includes sheepdog, ftp, ftps, tftp

That way we can set up to allow the <encryption> element to be
formatted within the disk source, but we still need to be wary
from whence the element was read - see keep track and when it
comes to format the data, ensure it's written in the correct place.

Modify the qemuxml2argvtest to add a parse failure when there is an
<encryption> as a child of <disk> *and* an <encryption> as a child
of <source>.

The virschematest will read the new test files and validate from a
RNG viewpoint things are fine.
This commit is contained in:
John Ferlan 2017-09-14 09:32:57 -04:00
parent 8002d3cb1b
commit 37537a7c64
11 changed files with 420 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
docs/formatdomain.html.in
View File

@ -2712,6 +2712,14 @@
attribute matching the key that was specified in the
secret object.
</dd>
<dd><span class="since">Since libvirt 3.9.0</span>, the
<code>encryption</code> can be a sub-element of the
<code>source</code> element for encrypted storage sources.
If present, specifies how the storage source is encrypted
See the
<a href="formatstorageencryption.html">Storage Encryption</a>
page for more information.
</dd>
</dl>
<p>
@ -3117,8 +3125,11 @@
<span class="since">Since 0.8.8</span>
</dd>
<dt><code>encryption</code></dt>
<dd>If present, specifies how the volume is encrypted. See
the <a href="formatstorageencryption.html">Storage Encryption</a> page
<dd>Starting with <span class="since">libvirt 3.9.0</span> the
<code>encryption</code> element is preferred to be a sub-element
of the <code>source</code> element. If present, specifies how the
volume is encrypted using "qcow". See the
<a href="formatstorageencryption.html">Storage Encryption</a> page
for more information.
</dd>
<dt><code>readonly</code></dt>

30
docs/schemas/domaincommon.rng
View File

@ -1471,6 +1471,9 @@
<optional>
<ref name="storageStartupPolicy"/>
</optional>
<optional>
<ref name="encryption"/>
</optional>
<zeroOrMore>
<ref name='devSeclabel'/>
</zeroOrMore>
@ -1492,6 +1495,9 @@
<optional>
<ref name="storageStartupPolicy"/>
</optional>
<optional>
<ref name="encryption"/>
</optional>
<zeroOrMore>
<ref name='devSeclabel'/>
</zeroOrMore>
@ -1511,6 +1517,9 @@
<optional>
<ref name="storageStartupPolicy"/>
</optional>
<optional>
<ref name="encryption"/>
</optional>
<empty/>
</element>
</optional>
@ -1583,6 +1592,9 @@
<optional>
<ref name="diskAuth"/>
</optional>
<optional>
<ref name="encryption"/>
</optional>
<empty/>
</interleave>
</element>
@ -1598,6 +1610,9 @@
<optional>
<ref name="diskAuth"/>
</optional>
<optional>
<ref name="encryption"/>
</optional>
</element>
</define>
@ -1611,6 +1626,9 @@
</attribute>
<attribute name="name"/>
<ref name="diskSourceNetworkHost"/>
<optional>
<ref name="encryption"/>
</optional>
</element>
</define>
@ -1626,6 +1644,9 @@
</attribute>
<attribute name="name"/>
<ref name="diskSourceNetworkHost"/>
<optional>
<ref name="encryption"/>
</optional>
</element>
</define>
@ -1638,6 +1659,9 @@
<attribute name="name"/>
</optional>
<ref name="diskSourceNetworkHost"/>
<optional>
<ref name="encryption"/>
</optional>
</element>
</define>
@ -1650,6 +1674,9 @@
<oneOrMore>
<ref name="diskSourceNetworkHost"/>
</oneOrMore>
<optional>
<ref name="encryption"/>
</optional>
</element>
</define>
@ -1708,6 +1735,9 @@
<optional>
<ref name="storageStartupPolicy"/>
</optional>
<optional>
<ref name="encryption"/>
</optional>
<zeroOrMore>
<ref name='devSeclabel'/>
</zeroOrMore>

68
src/conf/domain_conf.c
View File

@ -8301,6 +8301,29 @@ virDomainDiskSourceAuthParse(xmlNodePtr node,
}
static int
virDomainDiskSourceEncryptionParse(xmlNodePtr node,
virStorageEncryptionPtr *encryptionsrc)
{
xmlNodePtr child;
virStorageEncryptionPtr encryption = NULL;
for (child = node->children; child; child = child->next) {
if (child->type == XML_ELEMENT_NODE &&
virXMLNodeNameEqual(child, "encryption")) {
if (!(encryption = virStorageEncryptionParseNode(node->doc, child)))
return -1;
*encryptionsrc = encryption;
return 0;
}
}
return 0;
}
int
virDomainDiskSourceParse(xmlNodePtr node,
xmlXPathContextPtr ctxt,
@ -8341,6 +8364,9 @@ virDomainDiskSourceParse(xmlNodePtr node,
if (virDomainDiskSourceAuthParse(node, &src->auth) < 0)
goto cleanup;
if (virDomainDiskSourceEncryptionParse(node, &src->encryption) < 0)
goto cleanup;
/* People sometimes pass a bogus '' source path when they mean to omit the
* source element completely (e.g. CDROM without media). This is just a
* little compatibility check to help those broken apps */
@ -9000,6 +9026,18 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt,
if (def->src->auth)
def->src->authInherited = true;
/* Similarly for <encryption> - it's a child of <source> too
* and we cannot find in both places */
if (encryption && def->src->encryption) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("an <encryption> definition already found for "
"the <disk> definition"));
goto error;
}
if (def->src->encryption)
def->src->encryptionInherited = true;
source = true;
startupPolicy = virXMLPropString(cur, "startupPolicy");
@ -9081,11 +9119,18 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt,
virXMLNodeNameEqual(cur, "state")) {
/* Legacy back-compat. Don't add any more attributes here */
devaddr = virXMLPropString(cur, "devaddr");
} else if (encryption == NULL &&
} else if (!encryption &&
virXMLNodeNameEqual(cur, "encryption")) {
encryption = virStorageEncryptionParseNode(node->doc,
cur);
if (encryption == NULL)
/* If we've already parsed <source> and found an <encryption> child,
* then generate an error to avoid ambiguity */
if (def->src->encryptionInherited) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("an <encryption> definition already found for "
"disk source"));
goto error;
}
if (!(encryption = virStorageEncryptionParseNode(node->doc, cur)))
goto error;
} else if (!serial &&
virXMLNodeNameEqual(cur, "serial")) {
@ -9303,8 +9348,8 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt,
target = NULL;
if (authdef)
VIR_STEAL_PTR(def->src->auth, authdef);
def->src->encryption = encryption;
encryption = NULL;
if (encryption)
VIR_STEAL_PTR(def->src->encryption, encryption);
def->domain_name = domain_name;
domain_name = NULL;
def->serial = serial;
@ -22087,6 +22132,12 @@ virDomainDiskSourceFormatInternal(virBufferPtr buf,
goto error;
}
/* If we found encryption as a child of <source>, then format it
* as we found it. */
if (src->encryption && src->encryptionInherited &&
virStorageEncryptionFormat(&childBuf, src->encryption) < 0)
return -1;
if (virXMLFormatElement(buf, "source", &attrBuf, &childBuf) < 0)
goto error;
}
@ -22406,7 +22457,10 @@ virDomainDiskDefFormat(virBufferPtr buf,
virBufferEscapeString(buf, "<wwn>%s</wwn>\n", def->wwn);
virBufferEscapeString(buf, "<vendor>%s</vendor>\n", def->vendor);
virBufferEscapeString(buf, "<product>%s</product>\n", def->product);
if (def->src->encryption &&
/* If originally found as a child of <disk>, then format thusly;
* otherwise, will be formatted as child of <source> */
if (def->src->encryption && !def->src->encryptionInherited &&
virStorageEncryptionFormat(buf, def->src->encryption) < 0)
return -1;
virDomainDeviceInfoFormat(buf, &def->info,

1
src/util/virstoragefile.h
View File

@ -242,6 +242,7 @@ struct _virStorageSource {
virStorageAuthDefPtr auth;
bool authInherited;
virStorageEncryptionPtr encryption;
bool encryptionInherited;
virObjectPtr privateData;

40
tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source-both.xml Normal file
View File

@ -0,0 +1,40 @@
<domain type='qemu'>
<name>encryptdisk</name>
<uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
<memory unit='KiB'>1048576</memory>
<currentMemory unit='KiB'>524288</currentMemory>
<vcpu placement='static'>1</vcpu>
<os>
<type arch='x86_64' machine='pc-i440fx-2.1'>hvm</type>
<boot dev='hd'/>
</os>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/bin/qemu-system-x86_64</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='raw'/>
<source file='/storage/guest_disks/encryptdisk'>
<encryption format='luks'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
</source>
<target dev='vda' bus='virtio'/>
<encryption format='luks'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</disk>
<controller type='usb' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
</controller>
<controller type='pci' index='0' model='pci-root'/>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</memballoon>
</devices>
</domain>

62
tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.args Normal file
View File

@ -0,0 +1,62 @@
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-x86_64 \
-name encryptdisk \
-S \
-object secret,id=masterKey0,format=raw,\
file=/tmp/lib/domain--1-encryptdisk/master-key.aes \
-M pc-i440fx-2.1 \
-m 1024 \
-smp 1,sockets=1,cores=1,threads=1 \
-uuid 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 \
-nographic \
-nodefaults \
-chardev socket,id=charmonitor,\
path=/tmp/lib/domain--1-encryptdisk/monitor.sock,server,nowait \
-mon chardev=charmonitor,id=monitor,mode=readline \
-no-acpi \
-boot c \
-usb \
-object secret,id=virtio-disk0-luks-secret0,\
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
-drive file=/storage/guest_disks/encryptdisk,\
key-secret=virtio-disk0-luks-secret0,format=luks,if=none,id=drive-virtio-disk0 \
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
id=virtio-disk0 \
-object secret,id=virtio-disk1-luks-secret0,\
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
-drive file=/storage/guest_disks/encryptdisk2,\
key-secret=virtio-disk1-luks-secret0,format=luks,if=none,id=drive-virtio-disk1 \
-device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,\
id=virtio-disk1 \
-object secret,id=virtio-disk2-luks-secret0,\
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
-drive file=iscsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@example.org:\
6000/iqn.1992-01.com.example%3Astorage/1,key-secret=virtio-disk2-luks-secret0,\
format=luks,if=none,id=drive-virtio-disk2 \
-device virtio-blk-pci,bus=pci.0,addr=0x6,drive=drive-virtio-disk2,\
id=virtio-disk2 \
-object secret,id=virtio-disk3-luks-secret0,\
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
-drive file=iscsi://iscsi.example.com:3260/demo-target/3,\
key-secret=virtio-disk3-luks-secret0,format=luks,if=none,id=drive-virtio-disk3 \
-device virtio-blk-pci,bus=pci.0,addr=0x7,drive=drive-virtio-disk3,\
id=virtio-disk3 \
-object secret,id=virtio-disk4-luks-secret0,\
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
-drive 'file=rbd:pool/image:auth_supported=none:mon_host=mon1.example.org\:\
6321\;mon2.example.org\:6322\;mon3.example.org\:6322,\
key-secret=virtio-disk4-luks-secret0,format=luks,if=none,\
id=drive-virtio-disk4' \
-device virtio-blk-pci,bus=pci.0,addr=0x8,drive=drive-virtio-disk4,\
id=virtio-disk4 \
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3

81
tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.xml Normal file
View File

@ -0,0 +1,81 @@
<domain type='qemu'>
<name>encryptdisk</name>
<uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
<memory unit='KiB'>1048576</memory>
<currentMemory unit='KiB'>524288</currentMemory>
<vcpu placement='static'>1</vcpu>
<os>
<type arch='x86_64' machine='pc-i440fx-2.1'>hvm</type>
<boot dev='hd'/>
</os>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/bin/qemu-system-x86_64</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='raw'/>
<source file='/storage/guest_disks/encryptdisk'>
<encryption format='luks'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
</source>
<target dev='vda' bus='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</disk>
<disk type='file' device='disk'>
<driver name='qemu' type='raw'/>
<source file='/storage/guest_disks/encryptdisk2'>
<encryption format='luks'>
<secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/>
</encryption>
</source>
<target dev='vdb' bus='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
</disk>
<disk type='network' device='disk'>
<driver name='qemu' type='raw'/>
<source protocol='iscsi' name='iqn.1992-01.com.example:storage/1'>
<host name='example.org' port='6000'/>
<auth username='myname'>
<secret type='iscsi' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80e80'/>
</auth>
<encryption format='luks'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f77'/>
</encryption>
</source>
<target dev='vdc' bus='virtio'/>
</disk>
<disk type='volume' device='disk'>
<driver name='qemu' type='raw'/>
<source pool='pool-iscsi' volume='unit:0:0:3' mode='direct'>
<encryption format='luks'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f80'/>
</encryption>
</source>
<target dev='vdd' bus='virtio'/>
</disk>
<disk type='network' device='disk'>
<driver name='qemu' type='raw'/>
<source protocol='rbd' name='pool/image'>
<host name='mon1.example.org' port='6321'/>
<host name='mon2.example.org' port='6322'/>
<host name='mon3.example.org' port='6322'/>
<encryption format='luks'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80fb0'/>
</encryption>
</source>
<target dev='vde' bus='virtio'/>
</disk>
<controller type='usb' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
</controller>
<controller type='pci' index='0' model='pci-root'/>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</memballoon>
</devices>
</domain>

2
tests/qemuxml2argvtest.c
View File

@ -1666,10 +1666,12 @@ mymain(void)
DO_TEST("encrypted-disk-usage", NONE);
# ifdef HAVE_GNUTLS_CIPHER_ENCRYPT
DO_TEST("luks-disks", QEMU_CAPS_OBJECT_SECRET);
DO_TEST("luks-disks-source", QEMU_CAPS_OBJECT_SECRET);
# else
DO_TEST_FAILURE("luks-disks", QEMU_CAPS_OBJECT_SECRET);
# endif
DO_TEST_PARSE_ERROR("luks-disk-invalid", NONE);
DO_TEST_PARSE_ERROR("luks-disks-source-both", QEMU_CAPS_OBJECT_SECRET);
DO_TEST("memtune", NONE);
DO_TEST("memtune-unlimited", NONE);

84
tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks-source.xml Normal file
View File

@ -0,0 +1,84 @@
<domain type='qemu'>
<name>encryptdisk</name>
<uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
<memory unit='KiB'>1048576</memory>
<currentMemory unit='KiB'>524288</currentMemory>
<vcpu placement='static'>1</vcpu>
<os>
<type arch='x86_64' machine='pc-i440fx-2.1'>hvm</type>
<boot dev='hd'/>
</os>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/bin/qemu-system-x86_64</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='raw'/>
<source file='/storage/guest_disks/encryptdisk'>
<encryption format='luks'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
</source>
<target dev='vda' bus='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</disk>
<disk type='file' device='disk'>
<driver name='qemu' type='raw'/>
<source file='/storage/guest_disks/encryptdisk2'>
<encryption format='luks'>
<secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/>
</encryption>
</source>
<target dev='vdb' bus='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
</disk>
<disk type='network' device='disk'>
<driver name='qemu' type='raw'/>
<source protocol='iscsi' name='iqn.1992-01.com.example:storage/1'>
<host name='example.org' port='6000'/>
<auth username='myname'>
<secret type='iscsi' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80e80'/>
</auth>
<encryption format='luks'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f77'/>
</encryption>
</source>
<target dev='vdc' bus='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
</disk>
<disk type='volume' device='disk'>
<driver name='qemu' type='raw'/>
<source pool='pool-iscsi' volume='unit:0:0:3' mode='direct'>
<encryption format='luks'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f80'/>
</encryption>
</source>
<target dev='vdd' bus='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
</disk>
<disk type='network' device='disk'>
<driver name='qemu' type='raw'/>
<source protocol='rbd' name='pool/image'>
<host name='mon1.example.org' port='6321'/>
<host name='mon2.example.org' port='6322'/>
<host name='mon3.example.org' port='6322'/>
<encryption format='luks'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80fb0'/>
</encryption>
</source>
<target dev='vde' bus='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
</disk>
<controller type='usb' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
</controller>
<controller type='pci' index='0' model='pci-root'/>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</memballoon>
</devices>
</domain>

1
tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml
View File

@ -1 +0,0 @@
../qemuxml2argvdata/qemuxml2argv-luks-disks.xml

45
tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml Normal file
View File

@ -0,0 +1,45 @@
<domain type='qemu'>
<name>encryptdisk</name>
<uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
<memory unit='KiB'>1048576</memory>
<currentMemory unit='KiB'>524288</currentMemory>
<vcpu placement='static'>1</vcpu>
<os>
<type arch='x86_64' machine='pc-i440fx-2.1'>hvm</type>
<boot dev='hd'/>
</os>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/bin/qemu-system-x86_64</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='raw'/>
<source file='/storage/guest_disks/encryptdisk'/>
<target dev='vda' bus='virtio'/>
<encryption format='luks'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</disk>
<disk type='file' device='disk'>
<driver name='qemu' type='raw'/>
<source file='/storage/guest_disks/encryptdisk2'/>
<target dev='vdb' bus='virtio'/>
<encryption format='luks'>
<secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/>
</encryption>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
</disk>
<controller type='usb' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
</controller>
<controller type='pci' index='0' model='pci-root'/>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</memballoon>
</devices>
</domain>

1
tests/qemuxml2xmltest.c
View File

@ -625,6 +625,7 @@ mymain(void)
DO_TEST("encrypted-disk", NONE);
DO_TEST("encrypted-disk-usage", NONE);
DO_TEST("luks-disks", NONE);
DO_TEST("luks-disks-source", NONE);
DO_TEST("memtune", NONE);
DO_TEST("memtune-unlimited", NONE);
DO_TEST("blkiotune", NONE);