[PATCH 2/2] tools: Fix detection of remote libvirt access in virt-qemu-sev-validate

Thursday, 2 February 2023

The VM's firmware path is not extracted from the XML when invoking
virt-qemu-sev-validate in insecure mode and connecting to the local libvirt

virt-qemu-sev-validate --insecure --tk tek-tik.bin --domain test-sev-es
ERROR: Cannot access firmware path remotely

The test for remote access compares the return value from socket.gethostname()
to the return value from conn.getHostname(). The former doesn't always return
the fqdn, whereas the latter does. Use socket.getfqdn() instead.

Signed-off-by: Jim Fehlig <jfehlig(a)suse.com&gt;
---

Optionally only compare hostnames and not fqdn?

 tools/virt-qemu-sev-validate | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/virt-qemu-sev-validate b/tools/virt-qemu-sev-validate
index 3d8b292fef..7a8c3205e7 100755
--- a/tools/virt-qemu-sev-validate
+++ b/tools/virt-qemu-sev-validate
@@ -942,7 +942,7 @@ class LibvirtConfidentialVM(ConfidentialVM):
     def load_domain(self, uri, id_name_uuid, secure, ignore_config):
         self.conn = libvirt.open(uri)
 
-        remote = socket.gethostname() != self.conn.getHostname()
+        remote = socket.getfqdn() != self.conn.getHostname()
         if not remote and secure:
             raise InsecureUsageException(
                 "running locally on the hypervisor host is not secure")
-- 
2.38.1


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[PATCH 2/2] tools: Fix detection of remote libvirt access in virt-qemu-sev-validate