When starting swtpm binary, the qemuSecurityStartTPMEmulator() is called which sets seclabel on the TPM state and then uses qemuSecurityCommandRun() to execute the swtpm binary with proper seclabel. Well, the aim is to ditch qemuSecurityStartTPMEmulator() because it entangles two distinct operations. Just call functions for them separately. Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx> --- src/qemu/qemu_tpm.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 03055002cb..b2748eb6a4 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -927,7 +927,6 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, virTimeBackOffVar timebackoff; const unsigned long long timeout = 1000; /* ms */ bool setTPMStateLabel = true; - bool teardownlabel = false; int cmdret = 0; pid_t pid = -1; @@ -960,18 +959,18 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, setTPMStateLabel = false; } - if (qemuSecurityStartTPMEmulator(driver, vm, cmd, - cfg->swtpm_user, cfg->swtpm_group, - setTPMStateLabel, NULL, &cmdret) < 0) { + if (qemuSecuritySetTPMLabels(driver, vm, setTPMStateLabel) < 0) + return -1; + + if (qemuSecurityCommandRun(driver, vm, cmd, cfg->swtpm_user, + cfg->swtpm_group, NULL, &cmdret) < 0) goto error; - } if (cmdret < 0) { - /* virCommandRun() hidden in qemuSecurityStartTPMEmulator() + /* virCommandRun() hidden in qemuSecurityCommandRun() * already reported error. */ goto error; } - teardownlabel = true; if (virPidFileReadPath(pidfile, &pid) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", @@ -1014,8 +1013,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, virProcessKillPainfully(pid, true); if (pidfile) unlink(pidfile); - if (teardownlabel) - qemuSecurityRestoreTPMLabels(driver, vm, setTPMStateLabel); + qemuSecurityRestoreTPMLabels(driver, vm, setTPMStateLabel); return -1; } -- 2.38.2