From dc905fbc1f420a8d7856d9ff7f27b3faae352098 Mon Sep 17 00:00:00 2001
Message-Id: <dc905fbc1f420a8d7856d9ff7f27b3faae352098@dist-git>
From: Erik Skultety <eskultet@redhat.com>
Date: Thu, 3 Jan 2019 10:03:46 +0100
Subject: [PATCH] qemu: process: SEV: Relabel guest owner's SEV files created
 before start
Before launching a SEV guest we take the base64-encoded guest owner's
data specified in launchSecurity and create files with the same content
under /var/lib/libvirt/qemu/<domain>. The reason for this is that we
need to pass these files on to QEMU which then uses them to communicate
with the SEV firmware, except when it doesn't have permissions to open
those files since we don't relabel them.
https://bugzilla.redhat.com/show_bug.cgi?id=1658112
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 7dc31fe503e540d5b4ee4f94d61842aa6e302e94)
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Message-Id: <6bde21a3bda257a042d6f6c1d78ab1bf12c196d3.1546506016.git.eskultet@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
 src/qemu/qemu_process.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 757e2d33a4..bc573f96a4 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -5990,6 +5990,7 @@ qemuProcessSEVCreateFile(virDomainObjPtr vm,
                          const char *data)
 {
     qemuDomainObjPrivatePtr priv = vm->privateData;
+    virQEMUDriverPtr driver = priv->driver;
     char *configFile;
     int ret = -1;
 
@@ -6002,6 +6003,9 @@ qemuProcessSEVCreateFile(virDomainObjPtr vm,
         goto cleanup;
     }
 
+    if (qemuSecurityDomainSetPathLabel(driver, vm, configFile, true) < 0)
+        goto cleanup;
+
     ret = 0;
  cleanup:
     VIR_FREE(configFile);
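Review bot: When qemuSecurityDomainSetPathLabel() fails in the added block, the `cleanup:` path shown here only calls VIR_FREE(configFile), so the file this function has just created with the guest owner's data stays on disk under the domain directory. Consider unlinking configFile on this error path, or add a comment stating that the caller removes the per-domain directory when startup fails. The bare `true` passed as the last argument is also opaque at the call site; a short comment saying what it enables would help the next reader.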
-- 
2.22.0