[libvirt] [PATCH 0/2] tpm2: Properly handle a removed logfile

Stefan Berger posted 2 patches 4 years, 8 months ago
Test syntax-check passed
Patches applied successfully
git fetch https://github.com/patchew-project/libvirt tags/patchew/20190726155147.2989-1-stefanb@linux.ibm.com
There is a newer version of this series
Posted by Stefan Berger 4 years, 8 months ago
If the swtpm's logfile was removed by the user, we get an error
'no transaction is set' from the security manager (DAC) since the
labeling of the file failed the transaction in the commit() phase.
In the failure case we will try to remove the label then in the
error path and run into another commit() error and overwrite a more
useful error message. So in this case we just call the transaction
abort function. We also create an empty log file now since swtpm
doesn't seem to be able to create one itself.

   Stefan

Stefan Berger (2):
  tpm: Set transationStarted to false if commit failed
  tpm: Create empty log file if file was removed

 src/qemu/qemu_security.c | 6 ++++--
 src/qemu/qemu_tpm.c      | 8 ++++++--
 2 files changed, 10 insertions(+), 4 deletions(-)

-- 
2.21.0
