qemu_security: Introduce qemuSecuritySetTPMLabels()

Now that we have qemuSecurityRestoreTPMLabels() we might as well
have qemuSecuritySetTPMLabels(). The aim here is to remove
qemuSecurityStartTPMEmulator() which couples two separate things
into a single function call.

Therefore, introduce qemuSecuritySetTPMLabels() which does only
set seclabels on the TPM state.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>

diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index 82d686b0e3dd21d8dd1728fefdf2aedd139eb0a4..daf01bb803a0ec1263e76b0154e466939a6c4475 100644 (file)
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -576,6 +576,32 @@ qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
 }
 
 
+int
+qemuSecuritySetTPMLabels(virQEMUDriver *driver,
+                         virDomainObj *vm,
+                         bool setTPMStateLabel)
+{
+    qemuDomainObjPrivate *priv = vm->privateData;
+    int ret = -1;
+
+    if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
+        goto cleanup;
+
+    if (virSecurityManagerSetTPMLabels(driver->securityManager,
+                                       vm->def, setTPMStateLabel) < 0)
+        goto cleanup;
+
+    if (virSecurityManagerTransactionCommit(driver->securityManager,
+                                            -1, priv->rememberOwner) < 0)
+        goto cleanup;
+
+    ret = 0;
+ cleanup:
+    virSecurityManagerTransactionAbort(driver->securityManager);
+    return ret;
+}
+
+
 int
 qemuSecurityRestoreTPMLabels(virQEMUDriver *driver,
                              virDomainObj *vm,

diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h
index b6f917a62fa6ce2b72a5dccde19ca1c7c12e274b..198f8ef0d401e5967cee6ab757defefdc44fc5a6 100644 (file)
--- a/src/qemu/qemu_security.h
+++ b/src/qemu/qemu_security.h
@@ -94,6 +94,10 @@ int qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
                                  int *exitstatus,
                                  int *cmdret);
 
+int qemuSecuritySetTPMLabels(virQEMUDriver *driver,
+                             virDomainObj *vm,
+                             bool setTPMStateLabel);
+
 int qemuSecurityRestoreTPMLabels(virQEMUDriver *driver,
                                  virDomainObj *vm,
                                  bool restoreTPMStateLabel);