mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 21:55:25 +00:00
qemu_tpm: Extend start/stop APIs
This is basically just a continuation of the previous commit. Now that the security driver APIs have a boolean flag that controls setting/restoring seclabel of either both TPM state and log files, or just the log file, propagate this boolean into those APIs that start/stop swtpm emulator. For now, just pass true. The juicy bits are soon to come. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
parent
f3259f82fd
commit
3c2e55c5ed
@ -507,6 +507,7 @@ qemuSecurityRestoreNetdevLabel(virQEMUDriver *driver,
|
||||
* @cmd: the command to run
|
||||
* @uid: the uid to run the emulator
|
||||
* @gid: the gid to run the emulator
|
||||
* @setTPMStateLabel: whether TPM state should be labelled, or just logfile
|
||||
* @existstatus: pointer to int returning exit status of process
|
||||
* @cmdret: pointer to int returning result of virCommandRun
|
||||
*
|
||||
@ -523,6 +524,7 @@ qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
|
||||
virCommand *cmd,
|
||||
uid_t uid,
|
||||
gid_t gid,
|
||||
bool setTPMStateLabel,
|
||||
int *exitstatus,
|
||||
int *cmdret)
|
||||
{
|
||||
@ -535,7 +537,7 @@ qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
|
||||
transactionStarted = true;
|
||||
|
||||
if (virSecurityManagerSetTPMLabels(driver->securityManager,
|
||||
vm->def, true) < 0) {
|
||||
vm->def, setTPMStateLabel) < 0) {
|
||||
virSecurityManagerTransactionAbort(driver->securityManager);
|
||||
return -1;
|
||||
}
|
||||
@ -560,7 +562,8 @@ qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
|
||||
virSecurityManagerTransactionStart(driver->securityManager) >= 0)
|
||||
transactionStarted = true;
|
||||
|
||||
virSecurityManagerRestoreTPMLabels(driver->securityManager, vm->def, true);
|
||||
virSecurityManagerRestoreTPMLabels(driver->securityManager,
|
||||
vm->def, setTPMStateLabel);
|
||||
|
||||
if (transactionStarted &&
|
||||
virSecurityManagerTransactionCommit(driver->securityManager,
|
||||
@ -575,7 +578,8 @@ qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
|
||||
|
||||
void
|
||||
qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver,
|
||||
virDomainObj *vm)
|
||||
virDomainObj *vm,
|
||||
bool restoreTPMStateLabel)
|
||||
{
|
||||
qemuDomainObjPrivate *priv = vm->privateData;
|
||||
bool transactionStarted = false;
|
||||
@ -583,7 +587,8 @@ qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver,
|
||||
if (virSecurityManagerTransactionStart(driver->securityManager) >= 0)
|
||||
transactionStarted = true;
|
||||
|
||||
virSecurityManagerRestoreTPMLabels(driver->securityManager, vm->def, true);
|
||||
virSecurityManagerRestoreTPMLabels(driver->securityManager,
|
||||
vm->def, restoreTPMStateLabel);
|
||||
|
||||
if (transactionStarted &&
|
||||
virSecurityManagerTransactionCommit(driver->securityManager,
|
||||
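Review bot: The new `restoreTPMStateLabel` argument of `qemuSecurityCleanupTPMEmulator` is not documented anywhere in these hunks, whereas the start function's comment gains an `@setTPMStateLabel` line; any comment block for the cleanup function lies outside the visible lines. Once a caller passes `false`, the TPM state files keep whatever label they carry at that point, so the comment should say who is then expected to restore it. I would add a line in the style of the start function, for example `@restoreTPMStateLabel: whether the TPM state label should be restored, or just the logfile's`. The neighbouring `@existstatus` line in the start function's comment also misspells the `exitstatus` parameter and could be fixed in the same pass.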
|
@ -90,11 +90,13 @@ int qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
|
||||
virCommand *cmd,
|
||||
uid_t uid,
|
||||
gid_t gid,
|
||||
bool setTPMStateLabel,
|
||||
int *exitstatus,
|
||||
int *cmdret);
|
||||
|
||||
void qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver,
|
||||
virDomainObj *vm);
|
||||
virDomainObj *vm,
|
||||
bool restoreTPMStateLabel);
|
||||
|
||||
int qemuSecuritySetSavedStateLabel(virQEMUDriver *driver,
|
||||
virDomainObj *vm,
|
||||
|
@ -962,7 +962,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
|
||||
}
|
||||
} else if (qemuSecurityStartTPMEmulator(driver, vm, cmd,
|
||||
cfg->swtpm_user, cfg->swtpm_group,
|
||||
NULL, &cmdret) < 0) {
|
||||
true, NULL, &cmdret) < 0) {
|
||||
goto error;
|
||||
}
|
||||
|
||||
@ -1139,7 +1139,7 @@ qemuExtTPMStop(virQEMUDriver *driver,
|
||||
|
||||
qemuTPMEmulatorStop(cfg->swtpmStateDir, shortName);
|
||||
if (!(outgoingMigration && qemuTPMHasSharedStorage(vm->def)))
|
||||
qemuSecurityCleanupTPMEmulator(driver, vm);
|
||||
qemuSecurityCleanupTPMEmulator(driver, vm, true);
|
||||
}
|
||||
|
||||
|
||||
|
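Review bot: Both call sites pass a bare `true` for the new flag (`true, NULL, &cmdret` in `qemuTPMEmulatorStart` and `qemuSecurityCleanupTPMEmulator(driver, vm, true)` in `qemuExtTPMStop`), so the code does not show which label it governs or that the value is a placeholder. Because this flag decides whether the swtpm state files are relabelled, a short comment at each call would make the interim behaviour explicit, for example `/* label TPM state too; made conditional by a later change */`. In `qemuExtTPMStop` a named local such as `bool restoreTPMStateLabel = true;` would read better next to the existing `outgoingMigration && qemuTPMHasSharedStorage(vm->def)` condition. Both functions begin and end outside the hunks shown.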