|
 |
acda74 |
From 01d7e15c8c4a33a379e8297182dc474bb2046d2a Mon Sep 17 00:00:00 2001
|
|
|
acda74 |
Message-Id: <01d7e15c8c4a33a379e8297182dc474bb2046d2a@dist-git>
|
|
|
acda74 |
From: Michal Privoznik <mprivozn@redhat.com>
|
|
|
acda74 |
Date: Fri, 27 Jan 2023 10:46:55 +0100
|
|
|
acda74 |
Subject: [PATCH] qemuExtTPMStop: Restore TPM state label more often
|
|
|
acda74 |
MIME-Version: 1.0
|
|
|
acda74 |
Content-Type: text/plain; charset=UTF-8
|
|
|
acda74 |
Content-Transfer-Encoding: 8bit
|
|
|
acda74 |
|
|
|
acda74 |
When stopping swtpm we can restore the label either on just the
|
|
|
acda74 |
swtpm's domain specific logfile (/var/log/swtpm/libvirt/qemu/...),
|
|
|
acda74 |
or on the logfile and the state too (/var/lib/libvirt/swtpm/...).
|
|
|
acda74 |
|
|
|
acda74 |
The deciding factor is whether the guest is stopped because of
|
|
|
acda74 |
outgoing migration OR the state is on a shared filesystem.
|
|
|
acda74 |
|
|
|
acda74 |
But this is not correct condition, because for instance saving the
|
|
|
acda74 |
guest into a file (virsh save) is also an outgoing migration.
|
|
|
acda74 |
Alternatively, when the swtpm state is stored on a shared
|
|
|
acda74 |
filesystem, but the guest is destroyed (virsh destroy), i.e.
|
|
|
acda74 |
stopped because of different reason than migration, we want to
|
|
|
acda74 |
restore the seclabels.
|
|
|
acda74 |
|
|
|
acda74 |
The correct condition is: skip restoring the state on outgoing
|
|
|
acda74 |
migration AND shared filesystem.
|
|
|
acda74 |
|
|
|
acda74 |
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2161557
|
|
|
acda74 |
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
|
|
|
acda74 |
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
|
|
acda74 |
(cherry picked from commit 794fddf866676ef4119b3acf43b5547a9e868bb9)
|
|
|
acda74 |
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
|
|
|
acda74 |
---
|
|
|
acda74 |
src/qemu/qemu_tpm.c | 2 +-
|
|
|
acda74 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
acda74 |
|
|
|
acda74 |
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
|
|
|
acda74 |
index b2748eb6a4..5831ffc32e 100644
|
|
|
acda74 |
--- a/src/qemu/qemu_tpm.c
|
|
|
acda74 |
+++ b/src/qemu/qemu_tpm.c
|
|
|
acda74 |
@@ -1142,7 +1142,7 @@ qemuExtTPMStop(virQEMUDriver *driver,
|
|
|
acda74 |
return;
|
|
|
acda74 |
|
|
|
acda74 |
qemuTPMEmulatorStop(cfg->swtpmStateDir, shortName);
|
|
|
acda74 |
- if (outgoingMigration || qemuTPMHasSharedStorage(vm->def))
|
|
|
acda74 |
+ if (outgoingMigration && qemuTPMHasSharedStorage(vm->def))
|
|
|
acda74 |
restoreTPMStateLabel = false;
|
|
|
acda74 |
|
|
|
acda74 |
if (qemuSecurityRestoreTPMLabels(driver, vm, restoreTPMStateLabel) < 0)
|
|
|
acda74 |
--
|
|
|
acda74 |
2.39.1
|
|
|
acda74 |
|