When starting swtpm binary, the qemuSecurityStartTPMEmulator() is
called which sets seclabel on the TPM state and then uses
qemuSecurityCommandRun() to execute the swtpm binary with proper
seclabel. Well, the aim is to ditch
qemuSecurityStartTPMEmulator() because it entangles two distinct
operations. Just call functions for them separately.
Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
src/qemu/qemu_tpm.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 03055002cb..b2748eb6a4 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -927,7 +927,6 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
virTimeBackOffVar timebackoff;
const unsigned long long timeout = 1000; /* ms */
bool setTPMStateLabel = true;
- bool teardownlabel = false;
int cmdret = 0;
pid_t pid = -1;
@@ -960,18 +959,18 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
setTPMStateLabel = false;
}
- if (qemuSecurityStartTPMEmulator(driver, vm, cmd,
- cfg->swtpm_user, cfg->swtpm_group,
- setTPMStateLabel, NULL, &cmdret) < 0) {
+ if (qemuSecuritySetTPMLabels(driver, vm, setTPMStateLabel) < 0)
+ return -1;
+
+ if (qemuSecurityCommandRun(driver, vm, cmd, cfg->swtpm_user,
+ cfg->swtpm_group, NULL, &cmdret) < 0)
goto error;
- }
if (cmdret < 0) {
- /* virCommandRun() hidden in qemuSecurityStartTPMEmulator()
+ /* virCommandRun() hidden in qemuSecurityCommandRun()
* already reported error. */
goto error;
}
- teardownlabel = true;
if (virPidFileReadPath(pidfile, &pid) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@@ -1014,8 +1013,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
virProcessKillPainfully(pid, true);
if (pidfile)
unlink(pidfile);
- if (teardownlabel)
- qemuSecurityRestoreTPMLabels(driver, vm, setTPMStateLabel);
+ qemuSecurityRestoreTPMLabels(driver, vm, setTPMStateLabel);
return -1;
}
--
2.38.2
