[PATCH 2/2] qemu: process: SEV: Relabel guest owner's SEV files created before start

Before launching a SEV guest we take the base64-encoded guest owner's
data specified in launchSecurity and create files with the same content
under /var/lib/libvirt/qemu/<domain>. The reason for this is that we
need to pass these files on to QEMU which then uses them to communicate
with the SEV firmware, except when it doesn't have permissions to open
those files since we don't relabel them.

https://bugzilla.redhat.com/show_bug.cgi?id=1658112

Signed-off-by: Erik Skultety <eskultet@xxxxxxxxxx>
---
 src/qemu/qemu_process.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index db3c095f09..dd815f5b80 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -6045,6 +6045,7 @@ qemuProcessSEVCreateFile(virDomainObjPtr vm,
                          const char *data)
 {
     qemuDomainObjPrivatePtr priv = vm->privateData;
+    virQEMUDriverPtr driver = priv->driver;
     char *configFile;
     int ret = -1;
 
@@ -6057,6 +6058,9 @@ qemuProcessSEVCreateFile(virDomainObjPtr vm,
         goto cleanup;
     }
 
+    if (qemuSecurityDomainSetPathLabel(driver, vm, configFile, true) < 0)
+        goto cleanup;
+
     ret = 0;
  cleanup:
     VIR_FREE(configFile);
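
Review bot: on the new error path in the second hunk, a failing qemuSecurityDomainSetPathLabel() jumps to cleanup, which in the visible lines only does VIR_FREE(configFile). The file holding the guest owner's data is therefore left on disk without the intended label. Either unlink configFile on this path, or state in the commit message that the caller tears down the per-domain directory when start fails. The bare `true` passed as the last argument is also hard to read at the call site, so a short comment saying what it permits would help. Since this function now does more than create the file, its doc comment should mention the relabel step as well.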
-- 
2.19.2

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


