From dc905fbc1f420a8d7856d9ff7f27b3faae352098 Mon Sep 17 00:00:00 2001
|
|
Message-Id: <dc905fbc1f420a8d7856d9ff7f27b3faae352098@dist-git>
|
|
From: Erik Skultety <eskultet@redhat.com>
|
|
Date: Thu, 3 Jan 2019 10:03:46 +0100
|
|
Subject: [PATCH] qemu: process: SEV: Relabel guest owner's SEV files created
|
|
before start
|
|
|
|
Before launching a SEV guest we take the base64-encoded guest owner's
|
|
data specified in launchSecurity and create files with the same content
|
|
under /var/lib/libvirt/qemu/<domain>. The reason for this is that we
|
|
need to pass these files on to QEMU which then uses them to communicate
|
|
with the SEV firmware, except when it doesn't have permissions to open
|
|
those files since we don't relabel them.
|
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1658112
|
|
|
|
Signed-off-by: Erik Skultety <eskultet@redhat.com>
|
|
Acked-by: Michal Privoznik <mprivozn@redhat.com>
|
|
(cherry picked from commit 7dc31fe503e540d5b4ee4f94d61842aa6e302e94)
|
|
Signed-off-by: Erik Skultety <eskultet@redhat.com>
|
|
Message-Id: <6bde21a3bda257a042d6f6c1d78ab1bf12c196d3.1546506016.git.eskultet@redhat.com>
|
|
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
|
|
---
|
|
src/qemu/qemu_process.c | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
|
|
index 757e2d33a4..bc573f96a4 100644
|
|
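--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -5990,6 +5990,7 @@ qemuProcessSEVCreateFile(virDomainObjPtr vm,
 const char *data)
 {
 qemuDomainObjPrivatePtr priv = vm->privateData;
+ virQEMUDriverPtr driver = priv->driver;
 char *configFile;
 int ret = -1;
 
@@ -6002,6 +6003,9 @@ qemuProcessSEVCreateFile(virDomainObjPtr vm,
 goto cleanup;
 }
 
+ if (qemuSecurityDomainSetPathLabel(driver, vm, configFile, true) < 0)
+ goto cleanup;
+
 ret = 0;
 cleanup:
 VIR_FREE(configFile);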
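Review bot: The bare `true` passed to `qemuSecurityDomainSetPathLabel()` in the second hunk does not say what it enables. It is presumably the helper's allow-subtree flag (confirm against its declaration), and `configFile` is a single regular file, so `false` may be the narrower grant. Either way, a comment above the call would help, for example `/* QEMU opens this file itself, so it must carry the domain's label; last argument is allowSubtree */`. Separately, when relabeling fails, the `cleanup:` label only frees `configFile`, so the file holding the guest owner's launch data appears to stay on disk. The function body starts and ends outside the hunks, so it is worth confirming that teardown of the per-domain directory removes it.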
--
|
|
2.22.0
|
|
|