On Tue, Jul 13, 2021 at 2:42 PM Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx> wrote: > > Allow swtpm (0.7.0 or later) to fsync on the directory where it writes > its state files into so that "the entry in the directory containing the > file has also reached disk" (fsync(2)). > > Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx> > --- > src/security/virt-aa-helper.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c > index 52cfebf6e0..e21557c810 100644 > --- a/src/security/virt-aa-helper.c > +++ b/src/security/virt-aa-helper.c > @@ -1250,8 +1250,11 @@ get_files(vahControl * ctl) > " \"%s/libvirt/qemu/swtpm/%s-swtpm.sock\" rw,\n", > RUNSTATEDIR, shortName); > /* Paths for swtpm to use: give it access to its state > - * directory, log, and PID files. > + * directory (state files and fsync on dir), log, and PID files. > */ > + virBufferAsprintf(&buf, > + " \"%s/lib/libvirt/swtpm/%s/%s/\" r,\n", > + LOCALSTATEDIR, uuidstr, tpmpath); > virBufferAsprintf(&buf, > " \"%s/lib/libvirt/swtpm/%s/%s/**\" rwk,\n", > LOCALSTATEDIR, uuidstr, tpmpath); > -- > 2.31.1 > Patch looks fine to me. Reviewed-by: Neal Gompa <ngompa13@xxxxxxxxx> -- 真実はいつも一つ!/ Always, there's only one truth!
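Review bot: In the comment above the new virBufferAsprintf() call, "(state files and fsync on dir)" does not say why the directory needs a rule of its own. The existing "%s/lib/libvirt/swtpm/%s/%s/**" rwk rule matches only entries below the directory, while the added rule ending in a trailing slash matches the directory itself, and r is the permission that lets swtpm open it for fsync. Suggest spelling that out in the comment, together with the swtpm 0.7.0 requirement that currently appears only in the commit message, so the read-only directory rule is not later dropped as redundant with the /** rule. The diffstat lists only src/security/virt-aa-helper.c, so nothing in this patch checks that the new rule is emitted in the generated profile.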