qemu_tpm: Extend start/stop APIs

This is basically just a continuation of the previous commit.
Now that the security driver APIs have a boolean flag that
controls setting/restoring seclabel of either both TPM state and
log files, or just the log file, propagate this boolean into
those APIs that start/stop swtpm emulator. For now, just pass
true. The juicy bits are soon to come.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index d9a1ee5f565a8018f800ee4a2edb1c7d63eee689..def40614883eca326f6d7383f33188e542b1669b 100644 (file)
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -507,6 +507,7 @@ qemuSecurityRestoreNetdevLabel(virQEMUDriver *driver,
  * @cmd: the command to run
  * @uid: the uid to run the emulator
  * @gid: the gid to run the emulator
+ * @setTPMStateLabel: whether TPM state should be labelled, or just logfile
  * @existstatus: pointer to int returning exit status of process
  * @cmdret: pointer to int returning result of virCommandRun
  *
@@ -523,6 +524,7 @@ qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
                              virCommand *cmd,
                              uid_t uid,
                              gid_t gid,
+                             bool setTPMStateLabel,
                              int *exitstatus,
                              int *cmdret)
 {
@@ -535,7 +537,7 @@ qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
     transactionStarted = true;
 
     if (virSecurityManagerSetTPMLabels(driver->securityManager,
-                                       vm->def, true) < 0) {
+                                       vm->def, setTPMStateLabel) < 0) {
         virSecurityManagerTransactionAbort(driver->securityManager);
         return -1;
     }
@@ -560,7 +562,8 @@ qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
         virSecurityManagerTransactionStart(driver->securityManager) >= 0)
         transactionStarted = true;
 
-    virSecurityManagerRestoreTPMLabels(driver->securityManager, vm->def, true);
+    virSecurityManagerRestoreTPMLabels(driver->securityManager,
+                                       vm->def, setTPMStateLabel);
 
     if (transactionStarted &&
         virSecurityManagerTransactionCommit(driver->securityManager,
@@ -575,7 +578,8 @@ qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
 
 void
 qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver,
-                               virDomainObj *vm)
+                               virDomainObj *vm,
+                               bool restoreTPMStateLabel)
 {
     qemuDomainObjPrivate *priv = vm->privateData;
     bool transactionStarted = false;
@@ -583,7 +587,8 @@ qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver,
     if (virSecurityManagerTransactionStart(driver->securityManager) >= 0)
         transactionStarted = true;
 
-    virSecurityManagerRestoreTPMLabels(driver->securityManager, vm->def, true);
+    virSecurityManagerRestoreTPMLabels(driver->securityManager,
+                                       vm->def, restoreTPMStateLabel);
 
     if (transactionStarted &&
         virSecurityManagerTransactionCommit(driver->securityManager,

diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h
index e01d4699e6b58e611eb62824aad85bcfb7f33781..969a47fc1787e4fd0cf60ce45b34f35fa4e476b6 100644 (file)
--- a/src/qemu/qemu_security.h
+++ b/src/qemu/qemu_security.h
@@ -90,11 +90,13 @@ int qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
                                  virCommand *cmd,
                                  uid_t uid,
                                  gid_t gid,
+                                 bool setTPMStateLabel,
                                  int *exitstatus,
                                  int *cmdret);
 
 void qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver,
-                                    virDomainObj *vm);
+                                    virDomainObj *vm,
+                                    bool restoreTPMStateLabel);
 
 int qemuSecuritySetSavedStateLabel(virQEMUDriver *driver,
                                    virDomainObj *vm,

diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index d2f5bfb05535e7938217fea0920fd66dfa46fbf0..8dba716ef226d36ce05afcb55dbbfd7afdf9eb4b 100644 (file)
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -962,7 +962,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
         }
     } else if (qemuSecurityStartTPMEmulator(driver, vm, cmd,
                                             cfg->swtpm_user, cfg->swtpm_group,
-                                            NULL, &cmdret) < 0) {
+                                            true, NULL, &cmdret) < 0) {
         goto error;
     }
 
@@ -1139,7 +1139,7 @@ qemuExtTPMStop(virQEMUDriver *driver,
 
     qemuTPMEmulatorStop(cfg->swtpmStateDir, shortName);
     if (!(outgoingMigration && qemuTPMHasSharedStorage(vm->def)))
-        qemuSecurityCleanupTPMEmulator(driver, vm);
+        qemuSecurityCleanupTPMEmulator(driver, vm, true);
 }