transactionStarted = true;
if (virSecurityManagerSetTPMLabels(driver->securityManager,
- vm->def) < 0) {
+ vm->def, true) < 0) {
virSecurityManagerTransactionAbort(driver->securityManager);
return -1;
}
virSecurityManagerTransactionStart(driver->securityManager) >= 0)
transactionStarted = true;
- virSecurityManagerRestoreTPMLabels(driver->securityManager, vm->def);
+ virSecurityManagerRestoreTPMLabels(driver->securityManager, vm->def, true);
if (transactionStarted &&
virSecurityManagerTransactionCommit(driver->securityManager,
if (virSecurityManagerTransactionStart(driver->securityManager) >= 0)
transactionStarted = true;
- virSecurityManagerRestoreTPMLabels(driver->securityManager, vm->def);
+ virSecurityManagerRestoreTPMLabels(driver->securityManager, vm->def, true);
if (transactionStarted &&
virSecurityManagerTransactionCommit(driver->securityManager,
virDomainChrSourceDef *dev_source,
bool chardevStdioLogd);
typedef int (*virSecurityDomainSetTPMLabels) (virSecurityManager *mgr,
- virDomainDef *def);
+ virDomainDef *def,
+ bool setTPMStateLabel);
typedef int (*virSecurityDomainRestoreTPMLabels) (virSecurityManager *mgr,
- virDomainDef *def);
+ virDomainDef *def,
+ bool restoreTPMStateLabel);
typedef int (*virSecurityDomainSetNetdevLabel) (virSecurityManager *mgr,
virDomainDef *def,
virDomainNetDef *net);
int
virSecurityManagerSetTPMLabels(virSecurityManager *mgr,
- virDomainDef *vm)
+ virDomainDef *vm,
+ bool setTPMStateLabel)
{
VIR_LOCK_GUARD lock = virObjectLockGuard(mgr);
if (!mgr->drv->domainSetSecurityTPMLabels)
return 0;
- return mgr->drv->domainSetSecurityTPMLabels(mgr, vm);
+ return mgr->drv->domainSetSecurityTPMLabels(mgr, vm, setTPMStateLabel);
}
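Review bot: The new `setTPMStateLabel` parameter has no documentation of what a false value means, neither here nor at the function-pointer typedef and the public prototype in the security_driver.h and security_manager.h hunks, and every caller in this patch passes `true`, so the code alone does not say when the state label should be skipped. From the SELinux implementation further down, false skips the `storagepath` relabel while the log file is still handled; if that is the intended contract, a comment on this definition would pin it, e.g. `/* setTPMStateLabel: when false, leave the TPM state directory (storagepath) untouched and only label the per-domain log file */`. The matching `restoreTPMStateLabel` in virSecurityManagerRestoreTPMLabels in the next hunk should get the equivalent note.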
int
virSecurityManagerRestoreTPMLabels(virSecurityManager *mgr,
- virDomainDef *vm)
+ virDomainDef *vm,
+ bool restoreTPMStateLabel)
{
VIR_LOCK_GUARD lock = virObjectLockGuard(mgr);
if (!mgr->drv->domainRestoreSecurityTPMLabels)
return 0;
- return mgr->drv->domainRestoreSecurityTPMLabels(mgr, vm);
+ return mgr->drv->domainRestoreSecurityTPMLabels(mgr, vm, restoreTPMStateLabel);
}
bool chardevStdioLogd);
int virSecurityManagerSetTPMLabels(virSecurityManager *mgr,
- virDomainDef *vm);
+ virDomainDef *vm,
+ bool setTPMStateLabel);
int virSecurityManagerRestoreTPMLabels(virSecurityManager *mgr,
- virDomainDef *vm);
+ virDomainDef *vm,
+ bool restoreTPMStateLabel);
int virSecurityManagerSetNetdevLabel(virSecurityManager *mgr,
virDomainDef *vm,
static int
virSecuritySELinuxSetTPMLabels(virSecurityManager *mgr,
- virDomainDef *def)
+ virDomainDef *def,
+ bool setTPMStateLabel)
{
int ret = 0;
size_t i;
if (def->tpms[i]->type != VIR_DOMAIN_TPM_TYPE_EMULATOR)
continue;
- ret = virSecuritySELinuxSetFileLabels(
- mgr, def->tpms[i]->data.emulator.storagepath,
- seclabel);
- if (ret == 0 && def->tpms[i]->data.emulator.logfile)
- ret = virSecuritySELinuxSetFileLabels(
- mgr, def->tpms[i]->data.emulator.logfile,
- seclabel);
+ if (setTPMStateLabel) {
+ ret = virSecuritySELinuxSetFileLabels(mgr,
+ def->tpms[i]->data.emulator.storagepath,
+ seclabel);
+ }
+
+ if (ret == 0 &&
+ def->tpms[i]->data.emulator.logfile) {
+ ret = virSecuritySELinuxSetFileLabels(mgr,
+ def->tpms[i]->data.emulator.logfile,
+ seclabel);
+ }
}
return ret;
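Review bot: When `setTPMStateLabel` is false, `ret` is no longer reassigned at the start of an iteration, so a non-zero `ret` left by an earlier emulator TPM makes the `ret == 0 &&` guard skip the log file labeling for every later TPM, whereas before this change the `storagepath` call reset `ret` on each pass. If the loop over `def->tpms` (its header is outside the hunk) does not stop at the first failure, the function now returns a stale result and silently leaves later log files unlabeled; a per-iteration status that is folded into `ret` only on failure keeps both paths consistent. The same pattern is introduced in virSecuritySELinuxRestoreTPMLabels in the next hunk and would need the same treatment. The function's closing brace is outside the hunk.
```c
        /* … unchanged: skip non-emulator TPMs … */
        int rc = 0;

        if (setTPMStateLabel) {
            rc = virSecuritySELinuxSetFileLabels(mgr,
                                                 def->tpms[i]->data.emulator.storagepath,
                                                 seclabel);
        }

        if (rc == 0 &&
            def->tpms[i]->data.emulator.logfile) {
            rc = virSecuritySELinuxSetFileLabels(mgr,
                                                 def->tpms[i]->data.emulator.logfile,
                                                 seclabel);
        }

        /* remember any failure, but keep labeling the remaining TPMs */
        if (rc < 0)
            ret = rc;
```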
static int
virSecuritySELinuxRestoreTPMLabels(virSecurityManager *mgr,
- virDomainDef *def)
+ virDomainDef *def,
+ bool restoreTPMStateLabel)
{
int ret = 0;
size_t i;
if (def->tpms[i]->type != VIR_DOMAIN_TPM_TYPE_EMULATOR)
continue;
- ret = virSecuritySELinuxRestoreFileLabels(
- mgr, def->tpms[i]->data.emulator.storagepath);
- if (ret == 0 && def->tpms[i]->data.emulator.logfile)
- ret = virSecuritySELinuxRestoreFileLabels(
- mgr, def->tpms[i]->data.emulator.logfile);
+ if (restoreTPMStateLabel) {
+ ret = virSecuritySELinuxRestoreFileLabels(mgr,
+ def->tpms[i]->data.emulator.storagepath);
+ }
+
+ if (ret == 0 &&
+ def->tpms[i]->data.emulator.logfile) {
+ ret = virSecuritySELinuxRestoreFileLabels(mgr,
+ def->tpms[i]->data.emulator.logfile);
+ }
}
return ret;
static int
virSecurityStackSetTPMLabels(virSecurityManager *mgr,
- virDomainDef *vm)
+ virDomainDef *vm,
+ bool setTPMStateLabel)
{
virSecurityStackData *priv = virSecurityManagerGetPrivateData(mgr);
virSecurityStackItem *item = priv->itemsHead;
for (; item; item = item->next) {
if (virSecurityManagerSetTPMLabels(item->securityManager,
- vm) < 0)
+ vm, setTPMStateLabel) < 0)
goto rollback;
}
rollback:
for (item = item->prev; item; item = item->prev) {
if (virSecurityManagerRestoreTPMLabels(item->securityManager,
- vm) < 0) {
+ vm, setTPMStateLabel) < 0) {
VIR_WARN("Unable to restore TPM label after failed set label "
"call virDriver=%s driver=%s domain=%s",
virSecurityManagerGetVirtDriver(mgr),
static int
virSecurityStackRestoreTPMLabels(virSecurityManager *mgr,
- virDomainDef *vm)
+ virDomainDef *vm,
+ bool restoreTPMStateLabel)
{
virSecurityStackData *priv = virSecurityManagerGetPrivateData(mgr);
virSecurityStackItem *item = priv->itemsHead;
for (; item; item = item->next) {
if (virSecurityManagerRestoreTPMLabels(item->securityManager,
- vm) < 0)
+ vm, restoreTPMStateLabel) < 0)
rc = -1;
}