From 1c78675c6c41380d387967536ad55410fcb2acde Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Tue, 13 Jul 2021 14:38:32 -0400
Subject: [PATCH] virt-aa-helper: Allow swtpm to fsync on dir

Allow swtpm (0.7.0 or later) to fsync on the directory where it writes its state files into so that "the entry in the directory containing the file has also reached disk" (fsync(2)).

Signed-off-by: Stefan Berger
Reviewed-by: Neal Gompa
Reviewed-by: Michal Privoznik
---
 src/security/virt-aa-helper.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 52cfebf6e0..e21557c810 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1250,8 +1250,11 @@ get_files(vahControl * ctl)
 " \"%s/libvirt/qemu/swtpm/%s-swtpm.sock\" rw,\n",
 RUNSTATEDIR, shortName);
 /* Paths for swtpm to use: give it access to its state
- * directory, log, and PID files.
+ * directory (state files and fsync on dir), log, and PID files.
 */
+ virBufferAsprintf(&buf,
+ " \"%s/lib/libvirt/swtpm/%s/%s/\" r,\n",
+ LOCALSTATEDIR, uuidstr, tpmpath);
 virBufferAsprintf(&buf,
 " \"%s/lib/libvirt/swtpm/%s/%s/**\" rwk,\n",
 LOCALSTATEDIR, uuidstr, tpmpath);
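Review bot: The reworded comment above the swtpm rules says "fsync on dir" but not why that needs a rule of its own, so the new `r` rule on the trailing-slash path reads as redundant next to the `/**` rule unless the reader knows AppArmor globbing. I would add a comment line such as `* The directory itself needs its own "r" rule: the "/**" glob below only matches entries beneath it, and swtpm >= 0.7.0 opens the directory to fsync it.` so that a later edit neither folds it into the `rwk` rule nor widens it. Both rules interpolate `uuidstr` and `tpmpath` into a quoted profile path; where those values are set is outside this hunk, so it is worth confirming they can never carry a quote or glob character. get_files() starts and ends outside the hunk.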