openkylin
/
libvirt
mirror of https://gitee.com/openkylin/libvirt.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

qemu_tpm: Restore TPM labels on failed start 

If swtpm binary fails to start after successful exec() (e.g. it
fails to initialize itself), the seclabels set in
qemuSecurityStartTPMEmulator() are not restored. This is due to
lacking qemuSecurityRestoreTPMLabels() call in the error path.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
This commit is contained in:
Michal Privoznik 2022-12-14 15:12:38 +01:00
parent bdbb8e7b00
commit c0c52a9519
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/qemu/qemu_tpm.c
View File

@ -927,6 +927,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
virTimeBackOffVar timebackoff;
const unsigned long long timeout = 1000; /* ms */
bool setTPMStateLabel = true;
bool teardownlabel = false;
int cmdret = 0;
pid_t pid = -1;
@ -970,6 +971,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
* already reported error. */
goto error;
}
teardownlabel = true;
if (virPidFileReadPath(pidfile, &pid) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@ -1012,6 +1014,8 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
virProcessKillPainfully(pid, true);
if (pidfile)
unlink(pidfile);
if (teardownlabel)
qemuSecurityRestoreTPMLabels(driver, vm, setTPMStateLabel);
return -1;
}