As mentioned in one of the previous commits, populating the domain's
namespace from a pre-exec() hook is dangerous. This commit moves
population of the namespace with the domain TPM into the daemon's
namespace.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_domain_namespace.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/qemu/qemu_domain_namespace.c b/src/qemu/qemu_domain_namespace.c
index 36d22b42f2..138dc63489 100644
--- a/src/qemu/qemu_domain_namespace.c
+++ b/src/qemu/qemu_domain_namespace.c
@@ -663,12 +663,11 @@ qemuDomainSetupAllChardevs(virDomainObjPtr vm,
static int
qemuDomainSetupTPM(virDomainTPMDefPtr dev,
- const struct qemuDomainCreateDeviceData *data)
+ char ***paths)
{
switch (dev->type) {
case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
- if (qemuDomainCreateDevice(dev->data.passthrough.source.data.file.path,
- data, false) < 0)
+ if (virStringListAdd(paths, dev->data.passthrough.source.data.file.path) <
0)
return -1;
break;
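Review bot: The explicit `false` that was passed to qemuDomainCreateDevice() in the PASSTHROUGH case is gone, so how a missing or unexpected passthrough path is treated now depends entirely on whatever consumes `paths` (qemuDomainNamespaceMknodPaths(), per the later hunk), which is not visible here. Since this path comes from the domain definition, please confirm that the consumer still fails the start instead of silently skipping the node. A short comment on the function would make the new contract clear, e.g. `/* Only appends the host TPM device path to @paths; the node itself is created later by the caller. */`, and the same applies to qemuDomainSetupAllTPMs() in the next hunk. The switch in qemuDomainSetupTPM() continues outside this hunk.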
@@ -684,14 +683,14 @@ qemuDomainSetupTPM(virDomainTPMDefPtr dev,
static int
qemuDomainSetupAllTPMs(virDomainObjPtr vm,
- const struct qemuDomainCreateDeviceData *data)
+ char ***paths)
{
size_t i;
VIR_DEBUG("Setting up TPMs");
for (i = 0; i < vm->def->ntpms; i++) {
- if (qemuDomainSetupTPM(vm->def->tpms[i], data) < 0)
+ if (qemuDomainSetupTPM(vm->def->tpms[i], paths) < 0)
return -1;
}
@@ -880,6 +879,9 @@ qemuDomainBuildNamespace(virQEMUDriverConfigPtr cfg,
if (qemuDomainSetupAllChardevs(vm, &paths) < 0)
return -1;
+ if (qemuDomainSetupAllTPMs(vm, &paths) < 0)
+ return -1;
+
if (qemuDomainNamespaceMknodPaths(vm, (const char **) paths) < 0)
return -1;
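Review bot: The new `return -1` after qemuDomainSetupAllTPMs() exits with whatever the chardev and TPM helpers have already appended to `paths`. The declaration of `paths` is outside this hunk, so please confirm it is released automatically on scope exit, because otherwise this early return leaks the list. A comment above the mknod call would also help, such as `/* The qemuDomainSetupAll*() helpers above only collect paths; nodes are created here in one pass. */`. qemuDomainBuildNamespace() starts and ends outside the hunk.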
@@ -931,9 +933,6 @@ qemuDomainUnshareNamespace(virQEMUDriverConfigPtr cfg,
if (qemuDomainSetupDev(mgr, vm, devPath) < 0)
goto cleanup;
- if (qemuDomainSetupAllTPMs(vm, &data) < 0)
- goto cleanup;
-
if (qemuDomainSetupAllGraphics(vm, &data) < 0)
goto cleanup;
--
2.26.2