[PATCH] virt-aa-helper: Allow swtpm to fsync on dir

Stefan Berger stefanb at linux.vnet.ibm.com
Tue Jul 13 18:38:32 UTC 2021


Allow swtpm (0.7.0 or later) to fsync on the directory into which it
writes its state files so that "the entry in the directory containing the
file has also reached disk" (fsync(2)).

Signed-off-by: Stefan Berger <stefanb at linux.ibm.com>
---
 src/security/virt-aa-helper.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 52cfebf6e0..e21557c810 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1250,8 +1250,11 @@ get_files(vahControl * ctl)
                 "  \"%s/libvirt/qemu/swtpm/%s-swtpm.sock\" rw,\n",
                 RUNSTATEDIR, shortName);
             /* Paths for swtpm to use: give it access to its state
-             * directory, log, and PID files.
+             * directory (state files and fsync on dir), log, and PID files.
              */
+            virBufferAsprintf(&buf,
+                "  \"%s/lib/libvirt/swtpm/%s/%s/\" r,\n",
+                LOCALSTATEDIR, uuidstr, tpmpath);
             virBufferAsprintf(&buf,
                 "  \"%s/lib/libvirt/swtpm/%s/%s/**\" rwk,\n",
                 LOCALSTATEDIR, uuidstr, tpmpath);
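
Review bot: The updated comment ("state files and fsync on dir") does not say which of the two rules serves which purpose, so the new trailing-slash `r` rule can look redundant next to the existing `/**` rule with `rwk`. The `/**` pattern covers entries beneath the directory but not the directory itself, which is why the separate rule is needed. Consider spelling that out in the comment, for example that the `"%s/lib/libvirt/swtpm/%s/%s/" r` rule exists only so swtpm 0.7.0 or later can open the state directory and fsync it, and that read-only access is intentional. The two calls also repeat the same path format string and arguments; if more rules are added for this directory, building the path once would keep them from drifting apart.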
-- 
2.31.1



