git.ipfire.org Git - thirdparty/systemd.git/commit
vmspawn: allow TPM state to be persistent + rework runtime dir logic
author Lennart Poettering <lennart@poettering.net>
Wed, 19 Mar 2025 13:48:35 +0000 (14:48 +0100)
committer Lennart Poettering <lennart@poettering.net>
Thu, 20 Mar 2025 13:30:00 +0000 (14:30 +0100)
commit 6fd253753c40e7fbafe2e9a4e64010f9881c1bbb
tree eb81d6c8f05fd75f372de5aa35c5062be3fad3e1
parent 6e529860ba57e6b7f9b7b19950da0b25960505a8
vmspawn: allow TPM state to be persistent + rework runtime dir logic

When using vmspawn on a ParticleOS image we really want the TPM state
to be retained between invocations, since the encryption key is locked to
the TPM after all. Hence let's support that.

This adds --tpm-state=, which can be used to configure a path to store
the TPM state in. It can also be used to force the TPM state to be transient
or to let vmspawn pick the path automatically.

While we are at it, let's also revamp the runtime dir handling in
vmspawn: let's no longer place the sockets the auxiliary services listen
on within their own runtime directories. Instead, just drop the runtime
directories for them entirely (since neither virtiofsd, nor swtpm
actually use them). Also, let systemd clean up the sockets
automatically.
man/systemd-vmspawn.xml
src/vmspawn/vmspawn-scope.c
src/vmspawn/vmspawn-scope.h
src/vmspawn/vmspawn.c