qemu: Pass virQEMUDriverConfig rather than some of its fields

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Stefan Berger 2024-11-13 12:39:42 -05:00 committed by Michal Privoznik
parent 8bba15bdc1
commit 279b14cb81


@ -372,9 +372,7 @@ qemuTPMGetSwtpmSetupStateArg(const virDomainTPMSourceType source_type,
* @vmname: the name of the VM * @vmname: the name of the VM
* @vmuuid: the UUID of the VM * @vmuuid: the UUID of the VM
* @privileged: whether we are running in privileged mode * @privileged: whether we are running in privileged mode
* @swtpm_user: The userid to switch to when setting up the TPM; * @cfg: virQEMUDriverConfig
* typically this should be the uid of 'tss' or 'root'
* @swtpm_group: The group id to switch to
* @secretuuid: UUID describing virStorageEncryption holding secret * @secretuuid: UUID describing virStorageEncryption holding secret
* @incomingMigration: whether we have an incoming migration * @incomingMigration: whether we have an incoming migration
* *
@ -386,8 +384,7 @@ qemuTPMEmulatorRunSetup(const virDomainTPMEmulatorDef *emulator,
const char *vmname, const char *vmname,
const unsigned char *vmuuid, const unsigned char *vmuuid,
bool privileged, bool privileged,
uid_t swtpm_user, const virQEMUDriverConfig *cfg,
gid_t swtpm_group,
const unsigned char *secretuuid, const unsigned char *secretuuid,
bool incomingMigration) bool incomingMigration)
{ {
@ -416,8 +413,8 @@ qemuTPMEmulatorRunSetup(const virDomainTPMEmulatorDef *emulator,
virUUIDFormat(vmuuid, uuid); virUUIDFormat(vmuuid, uuid);
vmid = g_strdup_printf("%s:%s", vmname, uuid); vmid = g_strdup_printf("%s:%s", vmname, uuid);
virCommandSetUID(cmd, swtpm_user); virCommandSetUID(cmd, cfg->swtpm_user); /* should be uid of 'tss' or 'root' */
virCommandSetGID(cmd, swtpm_group); virCommandSetGID(cmd, cfg->swtpm_group);
switch (emulator->version) { switch (emulator->version) {
case VIR_DOMAIN_TPM_VERSION_1_2: case VIR_DOMAIN_TPM_VERSION_1_2:
@ -487,17 +484,14 @@ qemuTPMPcrBankBitmapToStr(virBitmap *activePcrBanks)
* qemuTPMEmulatorReconfigure * qemuTPMEmulatorReconfigure
* *
* @emulator: emulator parameters * @emulator: emulator parameters
* @swtpm_user: The userid to switch to when setting up the TPM; * @cfg: virQEMUDriverConfig
* typically this should be the uid of 'tss' or 'root'
* @swtpm_group: The group id to switch to
* @secretuuid: The secret's UUID needed for state encryption * @secretuuid: The secret's UUID needed for state encryption
* *
* Reconfigure the active PCR banks of a TPM 2. * Reconfigure the active PCR banks of a TPM 2.
*/ */
static int static int
qemuTPMEmulatorReconfigure(const virDomainTPMEmulatorDef *emulator, qemuTPMEmulatorReconfigure(const virDomainTPMEmulatorDef *emulator,
uid_t swtpm_user, const virQEMUDriverConfig *cfg,
gid_t swtpm_group,
const unsigned char *secretuuid) const unsigned char *secretuuid)
{ {
g_autoptr(virCommand) cmd = NULL; g_autoptr(virCommand) cmd = NULL;
@ -517,8 +511,8 @@ qemuTPMEmulatorReconfigure(const virDomainTPMEmulatorDef *emulator,
cmd = virCommandNew(swtpm_setup); cmd = virCommandNew(swtpm_setup);
virCommandSetUID(cmd, swtpm_user); virCommandSetUID(cmd, cfg->swtpm_user); /* should be uid of 'tss' or 'root' */
virCommandSetGID(cmd, swtpm_group); virCommandSetGID(cmd, cfg->swtpm_group);
virCommandAddArgList(cmd, "--tpm2", NULL); virCommandAddArgList(cmd, "--tpm2", NULL);
@ -552,9 +546,7 @@ qemuTPMEmulatorReconfigure(const virDomainTPMEmulatorDef *emulator,
* @vmname: The name of the VM * @vmname: The name of the VM
* @vmuuid: The UUID of the VM * @vmuuid: The UUID of the VM
* @privileged: whether we are running in privileged mode * @privileged: whether we are running in privileged mode
* @swtpm_user: The uid for the swtpm to run as (drop privileges to from root) * @cfg: virQEMUDriverConfig
* @swtpm_group: The gid for the swtpm to run as
* @sharedFilesystems: list of filesystem to consider shared
* @incomingMigration: whether we have an incoming migration * @incomingMigration: whether we have an incoming migration
* *
* Create the virCommand use for starting the emulator * Create the virCommand use for starting the emulator
@ -566,9 +558,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
const char *vmname, const char *vmname,
const unsigned char *vmuuid, const unsigned char *vmuuid,
bool privileged, bool privileged,
uid_t swtpm_user, const virQEMUDriverConfig *cfg,
gid_t swtpm_group,
char *const *sharedFilesystems,
bool incomingMigration) bool incomingMigration)
{ {
g_autoptr(virCommand) cmd = NULL; g_autoptr(virCommand) cmd = NULL;
@ -599,12 +589,14 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
/* Do not create storage and run swtpm_setup on incoming migration over /* Do not create storage and run swtpm_setup on incoming migration over
* shared storage * shared storage
*/ */
on_shared_storage = virFileIsSharedFS(tpm->data.emulator.source_path, sharedFilesystems) == 1; on_shared_storage = virFileIsSharedFS(tpm->data.emulator.source_path,
cfg->sharedFilesystems) == 1;
if (incomingMigration && on_shared_storage) if (incomingMigration && on_shared_storage)
create_storage = false; create_storage = false;
if (create_storage) { if (create_storage) {
if (qemuTPMEmulatorCreateStorage(tpm, &created, swtpm_user, swtpm_group) < 0) if (qemuTPMEmulatorCreateStorage(tpm, &created,
cfg->swtpm_user, cfg->swtpm_group) < 0)
return NULL; return NULL;
run_setup = created; run_setup = created;
} }
@ -614,14 +606,12 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
if (run_setup && if (run_setup &&
qemuTPMEmulatorRunSetup(&tpm->data.emulator, vmname, vmuuid, qemuTPMEmulatorRunSetup(&tpm->data.emulator, vmname, vmuuid,
privileged, swtpm_user, swtpm_group, privileged, cfg, secretuuid,
secretuuid, incomingMigration) < 0) incomingMigration) < 0)
goto error; goto error;
if (!incomingMigration && if (!incomingMigration &&
qemuTPMEmulatorReconfigure(&tpm->data.emulator, qemuTPMEmulatorReconfigure(&tpm->data.emulator, cfg, secretuuid) < 0)
swtpm_user, swtpm_group,
secretuuid) < 0)
goto error; goto error;
unlink(tpm->data.emulator.source->data.nix.path); unlink(tpm->data.emulator.source->data.nix.path);
@ -657,8 +647,8 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
virCommandAddArg(cmd, "--terminate"); virCommandAddArg(cmd, "--terminate");
virCommandSetUID(cmd, swtpm_user); virCommandSetUID(cmd, cfg->swtpm_user);
virCommandSetGID(cmd, swtpm_group); virCommandSetGID(cmd, cfg->swtpm_group);
switch (tpm->data.emulator.version) { switch (tpm->data.emulator.version) {
case VIR_DOMAIN_TPM_VERSION_1_2: case VIR_DOMAIN_TPM_VERSION_1_2:
@ -979,9 +969,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
if (!(cmd = qemuTPMEmulatorBuildCommand(tpm, vm->def->name, vm->def->uuid, if (!(cmd = qemuTPMEmulatorBuildCommand(tpm, vm->def->name, vm->def->uuid,
driver->privileged, driver->privileged,
cfg->swtpm_user, cfg,
cfg->swtpm_group,
cfg->sharedFilesystems,
incomingMigration))) incomingMigration)))
return -1; return -1;
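Review bot: The new doc line `* @cfg: virQEMUDriverConfig` in the headers of qemuTPMEmulatorRunSetup, qemuTPMEmulatorReconfigure and qemuTPMEmulatorBuildCommand only restates the parameter's type, so the headers no longer say which account the spawned swtpm_setup and swtpm processes run as. Each function now receives the whole driver config but, in the visible lines, reads only `cfg->swtpm_user` and `cfg->swtpm_group` (plus `cfg->sharedFilesystems` in qemuTPMEmulatorBuildCommand), and the header should name those fields so the privilege-relevant inputs stay auditable. I would write `* @cfg: driver config; swtpm_user/swtpm_group are the uid/gid the command is run as (typically 'tss' or 'root')`, and for qemuTPMEmulatorBuildCommand also mention that sharedFilesystems is consulted for the shared-storage check. The inline `/* should be uid of 'tss' or 'root' */` comment was added to the virCommandSetUID calls in RunSetup and Reconfigure but not to the one after `--terminate` in qemuTPMEmulatorBuildCommand, where the removed doc line noted that this is the drop from root; the same comment belongs there. The function bodies continue outside the hunks shown, so other uses of cfg may exist that are not visible here.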