From 7dc31fe503e540d5b4ee4f94d61842aa6e302e94 Mon Sep 17 00:00:00 2001 From: Erik Skultety Date: Thu, 6 Dec 2018 14:59:15 +0100 Subject: [PATCH] qemu: process: SEV: Relabel guest owner's SEV files created before start Before launching a SEV guest we take the base64-encoded guest owner's data specified in launchSecurity and create files with the same content under /var/lib/libvirt/qemu/. The reason for this is that we need to pass these files on to QEMU which then uses them to communicate with the SEV firmware, except when it doesn't have permissions to open those files since we don't relabel them. https://bugzilla.redhat.com/show_bug.cgi?id=1658112 Signed-off-by: Erik Skultety Acked-by: Michal Privoznik --- src/qemu/qemu_process.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 3d1ac76ecb..31ae3f39a6 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -6046,6 +6046,7 @@ qemuProcessSEVCreateFile(virDomainObjPtr vm, const char *data) { qemuDomainObjPrivatePtr priv = vm->privateData; + virQEMUDriverPtr driver = priv->driver; char *configFile; int ret = -1; @@ -6058,6 +6059,9 @@ qemuProcessSEVCreateFile(virDomainObjPtr vm, goto cleanup; } + if (qemuSecurityDomainSetPathLabel(driver, vm, configFile, true) < 0) + goto cleanup; + ret = 0; cleanup: VIR_FREE(configFile); -- GitLab
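Review bot: In the second hunk, a failing `qemuSecurityDomainSetPathLabel()` jumps to `cleanup:` with the freshly written file still on disk, and the visible cleanup only frees `configFile`, so the guest owner's launch data would stay behind unless a caller outside this hunk removes the directory. Consider removing the file on that path, e.g. `unlink(configFile);` before the `goto cleanup;`, with braces around the two statements. The bare `true` in the same call is also hard to read: if it is the flag that extends the label to a whole subtree, a single regular file should not need it and `false` would be the narrower grant; either way, a short comment naming the parameter next to the argument would help. The function body starts before and continues past both hunks, so the return path and any later cleanup are not visible here.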