Public bug reported:

While testing the emulated tpm in libvirt, I noticed that libvirt automatically chowns the tpm data directory when an instance using it is started (according to swtpm_user/swtpm_group in /etc/libvirt/qemu.conf).

  $ sudo chown -R root:root /var/lib/libvirt/swtpm/92077e50-52ef-41a7-96ea-dccbd297fb48
  $ sudo ls -lah /var/lib/libvirt/swtpm/92077e50-52ef-41a7-96ea-dccbd297fb48/tpm2
  total 8.0K
  drwx------. 1 root root   40 Sep 28 00:45 .
  drwx--x--x. 1 root root    8 Sep 28 00:32 ..
  -rw-r-----. 1 root root    0 Sep 28 00:35 .lock
  -rw-------. 1 root root 6.0K Sep 28 00:45 tpm2-00.permall
  $ sudo virsh start 92077e50-52ef-41a7-96ea-dccbd297fb48
  Domain 'testdomain' started
  $ sudo ls -lah /var/lib/libvirt/swtpm/92077e50-52ef-41a7-96ea-dccbd297fb48/tpm2
  total 8.0K
  drwx------. 1 tss  tss    40 Sep 28 00:46 .
  drwx--x--x. 1 root root    8 Sep 28 00:32 ..
  -rw-r-----. 1 tss  tss     0 Sep 28 00:46 .lock
  -rw-------. 1 tss  tss  6.0K Sep 28 00:46 tpm2-00.permall

Currently nova has its own logic to chown the directory, but this is just redundant and effectively useless (because ownership will be overridden by libvirt eventually).

Note that this capability was added when emulated tpm support was initially added in v4.5.0.
https://github.com/libvirt/libvirt/commit/2a606b863ebdc0a74e87c453bb9b76278a72d13b

** Affects: nova
     Importance: Undecided
         Status: New

** Summary changed:

- libvirt: Chown operation of swtpm directory by nova is redundant
+ libvirt: swtpm directory is chown'ed by libvirt after nova does the same during cold migration

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/2125844

Title:
  libvirt: swtpm directory is chown'ed by libvirt after nova does the same during cold migration

Status in OpenStack Compute (nova):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/2125844/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
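The ownership behaviour described in the report can be checked from the operator side without starting a domain: read swtpm_user/swtpm_group from qemu.conf (libvirt's default for both is "tss" when the keys are commented out) and compare them with the owner and group of every entry in the per-domain tpm2 state directory, which is what a nova cold migration should leave behind and what libvirt will enforce on the next start. The script below is an added example and is not code from the bug report, nova or libvirt; it assumes GNU stat (the -c format), and the qemu.conf snippet and state directory it operates on are constructed in a temporary directory for the demo rather than taken from a real host.

```sh
#!/bin/sh
# Added example (not from the bug report, nova or libvirt): verify that a
# per-domain swtpm state directory is owned by the swtpm_user/swtpm_group
# configured in qemu.conf, i.e. the ownership libvirt applies on 'virsh start'.
# Assumes GNU stat; the demo below uses a constructed conf file and directory.

# Print the value of KEY from a qemu.conf-style file, with or without quotes.
# Commented-out lines such as '#swtpm_user = "tss"' are ignored; when the key
# is absent, DEFAULT is printed (libvirt's own default for both keys is tss).
qemu_conf_value() {
    key="$1"; conf="$2"; default="$3"
    val=$(sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"[:space:]]*\)\"\{0,1\}.*/\1/p" "$conf" | tail -n 1)
    printf '%s\n' "${val:-$default}"
}

# Compare owner:group of DIR and every entry directly under it (including
# dotfiles such as .lock) with the configured swtpm_user:swtpm_group.
# Returns 0 when everything matches, 1 otherwise, listing offenders on stdout.
check_swtpm_ownership() {
    dir="$1"; conf="$2"
    want_user=$(qemu_conf_value swtpm_user "$conf" tss)
    want_group=$(qemu_conf_value swtpm_group "$conf" tss)
    rc=0
    for p in "$dir" "$dir"/* "$dir"/.[!.]*; do
        [ -e "$p" ] || continue            # skip unmatched glob patterns
        have=$(stat -c '%U:%G' "$p")       # GNU stat; BSD would need -f '%Su:%Sg'
        if [ "$have" != "$want_user:$want_group" ]; then
            printf '%s is %s, expected %s:%s\n' "$p" "$have" "$want_user" "$want_group"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone demo on a constructed layout: a fake tpm2/ state directory owned
# by the current user, first with a matching qemu.conf, then with the default
# tss:tss, which reproduces the mismatch libvirt would correct on start.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/tpm2"
    : > "$tmp/tpm2/.lock"
    : > "$tmp/tpm2/tpm2-00.permall"
    me=$(stat -c %U "$tmp/tpm2"); grp=$(stat -c %G "$tmp/tpm2")
    printf '#swtpm_user = "tss"\nswtpm_user = "%s"\nswtpm_group = "%s"\n' "$me" "$grp" > "$tmp/qemu.conf"
    check_swtpm_ownership "$tmp/tpm2" "$tmp/qemu.conf" && echo "ownership matches qemu.conf"
    printf '#swtpm_user = "tss"\n#swtpm_group = "tss"\n' > "$tmp/qemu.conf"
    check_swtpm_ownership "$tmp/tpm2" "$tmp/qemu.conf" || echo "mismatch: libvirt will chown this on start"
    rm -rf "$tmp"
}
demo
```

On a real host the check is `check_swtpm_ownership /var/lib/libvirt/swtpm/<uuid>/tpm2 /etc/libvirt/qemu.conf`, run as root so stat can read the 0700 directory; a non-zero exit after a cold migration means the directory is not in the state libvirt will put it in anyway, which is the redundancy the report points at.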

