Extend the DAC and SELinux modules with support for the
tpm-emulator.
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx>
---
src/security/security_dac.c | 4 ++++
src/security/security_selinux.c | 5 +++++
2 files changed, 9 insertions(+)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 5efbc27..351f6f4 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1373,6 +1373,10 @@ virSecurityDACSetTPMFileLabel(virSecurityManagerPtr mgr,
false);
break;
case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ ret = virSecurityDACSetChardevLabel(mgr, def,
+ &tpm->data.emulator.source,
+ false);
+ break;
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
}
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index f5ba877..17bc07a 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1473,6 +1473,11 @@ virSecuritySELinuxSetTPMFileLabel(virSecurityManagerPtr mgr,
}
break;
case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ tpmdev = tpm->data.emulator.source.data.nix.path;
+ rc = virSecuritySELinuxSetFilecon(mgr, tpmdev, seclabel->imagelabel);
+ if (rc < 0)
+ return -1;
+ break;
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
}
--
2.5.5
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
