yahoo-eng-team team mailing list archive
Message #96520
[Bug 2125844] [NEW] libvirt: swtpm directory is chown'ed by libvirt after nova does the same during cold migration
Public bug reported:
While testing the emulated tpm in libvirt, I noticed that libvirt automatically chowns the tpm data directory when an instance using it is started.
(according to swtpm_user/swtpm_group in /etc/libvirt/qemu.conf)
$ sudo chown -R root:root /var/lib/libvirt/swtpm/92077e50-52ef-41a7-96ea-dccbd297fb48
$ sudo ls -lah /var/lib/libvirt/swtpm/92077e50-52ef-41a7-96ea-dccbd297fb48/tpm2
total 8.0K
drwx------. 1 root root 40 Sep 28 00:45 .
drwx--x--x. 1 root root 8 Sep 28 00:32 ..
-rw-r-----. 1 root root 0 Sep 28 00:35 .lock
-rw-------. 1 root root 6.0K Sep 28 00:45 tpm2-00.permall
$ sudo virsh start 92077e50-52ef-41a7-96ea-dccbd297fb48
Domain 'testdomain' started
$ sudo ls -lah /var/lib/libvirt/swtpm/92077e50-52ef-41a7-96ea-dccbd297fb48/tpm2
total 8.0K
drwx------. 1 tss tss 40 Sep 28 00:46 .
drwx--x--x. 1 root root 8 Sep 28 00:32 ..
-rw-r-----. 1 tss tss 0 Sep 28 00:46 .lock
-rw-------. 1 tss tss 6.0K Sep 28 00:46 tpm2-00.permall
Currently nova has its own logic to chown the directory, but this is just
redundant and is effectively useless (because ownership will be
overridden by libvirt eventually).
Note that this capability was added when emulated tpm support was
initially added in v4.5.0.
https://github.com/libvirt/libvirt/commit/2a606b863ebdc0a74e87c453bb9b76278a72d13b
** Affects: nova
Importance: Undecided
Status: New
** Summary changed:
- libvirt: Chown operation of swtpm directory by nova is redundant
+ libvirt: swtpm directory is chown'ed by libvirt after nova does the same during cold migration
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/2125844
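As an added example (not nova's or libvirt's own code), the following check verifies, after an operation such as the cold migration discussed above, that a domain's swtpm state directory is owned by the user and group configured via swtpm_user/swtpm_group in /etc/libvirt/qemu.conf and exposes nothing to other users. The default of tss when the keys are commented out, the directory path supplied by the caller, and the permissive-mode rule are assumptions of mine.

```python
import grp
import os
import pwd
import re
import stat

# Assumption: libvirt's built-in defaults, used when the keys stay commented out.
DEFAULT_SWTPM_USER = "tss"
DEFAULT_SWTPM_GROUP = "tss"
# Matches only active (uncommented) assignments such as: swtpm_user = "tss"
_KEY_RE = re.compile(r'^\s*(swtpm_user|swtpm_group)\s*=\s*"([^"]*)"\s*$')

def parse_swtpm_owner(conf_text):
    """Return the (user, group) libvirt will chown the swtpm state to."""
    user, group = DEFAULT_SWTPM_USER, DEFAULT_SWTPM_GROUP
    for line in conf_text.splitlines():
        m = _KEY_RE.match(line)
        if m and m.group(1) == "swtpm_user":
            user = m.group(2)
        elif m:
            group = m.group(2)
    return user, group

def audit_entry(name, owner, group, mode, exp_user, exp_group):
    """Wrong owner/group, group-writable or any 'other' bits (group-read is tolerated: libvirt leaves .lock as 0640)."""
    findings = []
    if owner != exp_user:
        findings.append(f"{name}: owner {owner} != {exp_user}")
    if group != exp_group:
        findings.append(f"{name}: group {group} != {exp_group}")
    if mode & (stat.S_IWGRP | stat.S_IRWXO):
        findings.append(f"{name}: mode {stat.S_IMODE(mode):04o} too permissive")
    return findings

def _name(lookup, ident, attr):
    try:  # uid/gid to name; fall back to the number if there is no entry
        return getattr(lookup(ident), attr)
    except KeyError:
        return str(ident)

def audit_tree(root, exp_user, exp_group):
    """Walk a swtpm state directory (path supplied by the caller) and collect findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            owner = _name(pwd.getpwuid, st.st_uid, "pw_name")
            group = _name(grp.getgrgid, st.st_gid, "gr_name")
            findings += audit_entry(path, owner, group, st.st_mode, exp_user, exp_group)
    return findings
```

Run it as root on the compute node, e.g. `audit_tree("/var/lib/libvirt/swtpm/<uuid>", *parse_swtpm_owner(open("/etc/libvirt/qemu.conf").read()))`, and an empty result means the directory looks like the second listing above rather than the first.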