If the swtpm's logfile was removed by the user, we get an error
'no transaction is set' from the security manager (DAC) since the
labeling of the file failed the transaction in the commit() phase.
In the failure case we will then try to remove the label in the
error path, run into another commit() error, and overwrite a more
useful error message. So in this case we just call the transaction
abort function. We also create an empty log file now since swtpm
doesn't seem to be able to create one itself.

   Stefan

Stefan Berger (2):
  tpm: Set transationStarted to false if commit failed
  tpm: Create empty log file if file was removed

 src/qemu/qemu_security.c | 6 ++++--
 src/qemu/qemu_tpm.c      | 8 ++++++--
 2 files changed, 10 insertions(+), 4 deletions(-)

--
2.21.0