On Wed, Oct 02, 2024 at 17:41:46 +0200, Andrea Bolognani wrote: > This is needed when migrating a guest that has persistent TPM > state: relabeling (which implies locking) needs to happen > before the swtpm process is started on the destination host, > but the lock file won't be released by the swtpm process > running on the source host before a handshake with the target > process has happened, creating a catch-22 scenario. > > In order to make migration possible, make it so that locking > for lock files can be explicitly skipped. All other state > files are handled as usual. > > Signed-off-by: Andrea Bolognani <abologna@xxxxxxxxxx> > --- > src/qemu/qemu_security.c | 56 ++++++++++++++++++++++----------- > src/security/security_dac.c | 12 +++++-- > src/security/security_driver.h | 3 +- > src/security/security_manager.c | 21 +++++++++++-- > src/security/security_manager.h | 6 ++-- > src/security/security_selinux.c | 12 +++++-- > src/security/security_stack.c | 6 ++-- > 7 files changed, 83 insertions(+), 33 deletions(-) Reviewed-by: Peter Krempa <pkrempa@xxxxxxxxxx>
