[libvirt] [PATCH v2 0/2] tpm2: Properly handle a removed logfile

Stefan Berger stefanb at linux.ibm.com
Fri Jul 26 21:07:04 UTC 2019


If the swtpm's logfile was removed by the user, we get an error
'no transaction is set' from the security manager (DAC) since the
labeling of the file failed the transaction in the commit() phase.
In the failure case we will then try to remove the label in the
error path, run into another commit() error, and overwrite a more
useful error message. So in this case we just call the transaction
abort function. We also create an empty log file now since swtpm
doesn't seem to be able to create one itself.

   Stefan

v1->v2:
 - Added R-b's

Stefan Berger (2):
  tpm: Set transationStarted to false if commit failed
  tpm: Create empty log file if file was removed

 src/qemu/qemu_security.c | 3 ++-
 src/qemu/qemu_tpm.c      | 8 ++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

-- 
2.21.0



