External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-02 09:55:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

qemu_tpm: Restore TPM labels on failed start

Browse Source 
If swtpm binary fails to start after successful exec() (e.g. it
fails to initialize itself), the seclabels set in
qemuSecurityStartTPMEmulator() are not restored. This is due to
lacking qemuSecurityRestoreTPMLabels() call in the error path.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
This commit is contained in:
Michal Privoznik 2022-12-14 15:12:38 +01:00
parent bdbb8e7b00
commit c0c52a9519
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/qemu/qemu_tpm.c
View File

@ -927,6 +927,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
virTimeBackOffVar timebackoff; virTimeBackOffVar timebackoff;
const unsigned long long timeout = 1000; /* ms */ const unsigned long long timeout = 1000; /* ms */
bool setTPMStateLabel = true; bool setTPMStateLabel = true;
bool teardownlabel = false;
int cmdret = 0; int cmdret = 0;
pid_t pid = -1; pid_t pid = -1;
@ -970,6 +971,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
* already reported error. */ * already reported error. */
goto error; goto error;
} }
teardownlabel = true;
if (virPidFileReadPath(pidfile, &pid) < 0) { if (virPidFileReadPath(pidfile, &pid) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@ -1012,6 +1014,8 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
virProcessKillPainfully(pid, true); virProcessKillPainfully(pid, true);
if (pidfile) if (pidfile)
unlink(pidfile); unlink(pidfile);
if (teardownlabel)
qemuSecurityRestoreTPMLabels(driver, vm, setTPMStateLabel);
return -1; return -1;
} }