On 7/14/21 9:13 AM, Michal Prívozník wrote: > On 7/13/21 8:38 PM, Stefan Berger wrote: >> Allow swtpm (0.7.0 or later) to fsync on the directory where it writes >> its state files into so that "the entry in the directory containing the >> file has also reached disk" (fsync(2)). >> >> Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx> >> --- >> src/security/virt-aa-helper.c | 5 ++++- >> 1 file changed, 4 insertions(+), 1 deletion(-) >> >> diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c >> index 52cfebf6e0..e21557c810 100644 >> --- a/src/security/virt-aa-helper.c >> +++ b/src/security/virt-aa-helper.c >> @@ -1250,8 +1250,11 @@ get_files(vahControl * ctl) >> " \"%s/libvirt/qemu/swtpm/%s-swtpm.sock\" rw,\n", >> RUNSTATEDIR, shortName); >> /* Paths for swtpm to use: give it access to its state >> - * directory, log, and PID files. >> + * directory (state files and fsync on dir), log, and PID files. >> */ >> + virBufferAsprintf(&buf, >> + " \"%s/lib/libvirt/swtpm/%s/%s/\" r,\n", >> + LOCALSTATEDIR, uuidstr, tpmpath); >> virBufferAsprintf(&buf, >> " \"%s/lib/libvirt/swtpm/%s/%s/**\" rwk,\n", >> LOCALSTATEDIR, uuidstr, tpmpath); >> > > Reviewed-by: Michal Privoznik <mprivozn@xxxxxxxxxx> > Just realized that you might not have commit access after we switched to gitlab. So I went ahead and pushed this for you. Michal
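
Review bot: in the get_files() hunk of src/security/virt-aa-helper.c, the updated comment "(state files and fsync on dir)" does not explain why a second rule for the same path is needed, so a later reader could take the new rule ending in "/%s/\" r," for a redundant copy of the "/%s/**\" rwk," rule below it. Suggest expanding the comment to say that the "/**" pattern only matches entries beneath the state directory, so the directory itself needs its own rule before swtpm can open it and fsync it, and that this is required for swtpm 0.7.0 or later, which is currently recorded only in the commit message. Keeping the directory rule at "r" rather than widening it to "rwk" is the right scope for this.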