Re: [PATCH v6 12/13] security: Always forget labels for TPM state directory


On Mon, Sep 02, 2024 at 04:55:30PM GMT, Peter Krempa wrote:
> I wanted to first complain that it's missing the 'dac' driver counter
> part, but weirdly enough the 'dac' security driver is completely missing
> the impl for:
>
>  domainSetSecurityTPMLabels and domainRestoreSecurityTPMLabels
>
> Do we assume that the paths for the TPM emulator always have the correct
> owner?

I guess so? I noticed this as well and wanted to look into addressing
this gap, but I was starting to seriously run out of steam by that
point so I decided to leave it alone for now. It doesn't seem to get
in the way in practice.

> This function has pre-existing very questionable logic in handling
> failure:
>
[...]
>
> Obviously this is for a different patch, but since you seem to be keen
> on fixing labelling for TPMs ...

It would be nice to fix this. Just like the above though, it's a
pre-existing issue so it should be okay to address it with a
follow-up series and avoid it holding up this feature further.

In the meantime, I've posted [v7] which should hopefully take care of
all your other concerns.


[v7] https://lists.libvirt.org/archives/list/devel@xxxxxxxxxxxxxxxxx/thread/CXPDCLE3QN6VGNZKYBOP2K2UM4TFMH4S/
-- 
Andrea Bolognani / Red Hat / Virtualization
