From dc905fbc1f420a8d7856d9ff7f27b3faae352098 Mon Sep 17 00:00:00 2001

Message-Id: <dc905fbc1f420a8d7856d9ff7f27b3faae352098@dist-git>

From: Erik Skultety <eskultet@redhat.com>

Date: Thu, 3 Jan 2019 10:03:46 +0100

Subject: [PATCH] qemu: process: SEV: Relabel guest owner's SEV files created

 before start

Before launching a SEV guest we take the base64-encoded guest owner's

data specified in launchSecurity and create files with the same content

under /var/lib/libvirt/qemu/<domain>. The reason for this is that we

need to pass these files on to QEMU which then uses them to communicate

with the SEV firmware, except when it doesn't have permissions to open

those files since we don't relabel them.

https://bugzilla.redhat.com/show_bug.cgi?id=1658112

Signed-off-by: Erik Skultety <eskultet@redhat.com>

Acked-by: Michal Privoznik <mprivozn@redhat.com>

(cherry picked from commit 7dc31fe503e540d5b4ee4f94d61842aa6e302e94)

Signed-off-by: Erik Skultety <eskultet@redhat.com>

Message-Id: <6bde21a3bda257a042d6f6c1d78ab1bf12c196d3.1546506016.git.eskultet@redhat.com>

Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

---

 src/qemu/qemu_process.c | 4 ++++

 1 file changed, 4 insertions(+)

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c

index 757e2d33a4..bc573f96a4 100644

--- a/src/qemu/qemu_process.c

+++ b/src/qemu/qemu_process.c

@@ -5990,6 +5990,7 @@ qemuProcessSEVCreateFile(virDomainObjPtr vm,

                          const char *data)

 {

     qemuDomainObjPrivatePtr priv = vm->privateData;

+    virQEMUDriverPtr driver = priv->driver;

     char *configFile;

     int ret = -1;

@@ -6002,6 +6003,9 @@ qemuProcessSEVCreateFile(virDomainObjPtr vm,

         goto cleanup;

     }

+    if (qemuSecurityDomainSetPathLabel(driver, vm, configFile, true) < 0)

+        goto cleanup;

+

     ret = 0;

  cleanup:

     VIR_FREE(configFile);

-- 

2.22.0