Commit Graph

1755 Commits

Author SHA1 Message Date
Stefan Berger
673ee421d2 rpm: Set BSD-3-Clause for the License on each subpackage
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-08-16 16:29:05 -04:00
Stefan Berger
b9e6d7c686 rpm: Split off SELinux files to build an selinux package
Follow the changes in Fedora to build a separate swtpm-selinux package
so that swtpm can also be installed without SELinux on the system.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-08-15 12:36:31 -04:00
Stefan Berger
63825b296c SELinux: Add rules for user_tpm_t:sockfile to allow unlink
With a memoryBacking node added to the libvirt domain XML, the unlink
permission on user_tmp_t:sockfile becomes necessary to avoid an avc
denial.

  <currentMemory unit='KiB'>2097152</currentMemory>
  <memoryBacking>
    <hugepages>
      <page size='2048' unit='KiB'/>
    </hugepages>
  </memoryBacking>

Also add the unlink permission to the other occurrences of sock_file.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2165142
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-08-15 10:30:08 -04:00
Stefan Berger
7dac1dbf6f SELinux: Add rules for sock_file on user_tmp_t
The following command line did not function on an x86_64 host due to missing
SELinux rules:

virt-install -v \
 --name fedora-38-aarch64 \
 --ram 4096 \
 --disk path=fedora-38.img,cache=none \
 --nographics \
 --os-variant fedora38 \
 --import \
 --virt-type=qemu \
 --arch aarch64 \
 --check all=off

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2228423
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-08-15 10:30:08 -04:00
Lena Voytek
f732f489c2 debian: Allow apparmor access to qemu session bus swtpm files
When running a VM connected to qemu:///session, swtpm needs access to its own
process id and socket files in /run/user/<UID>/libvirt/qemu/run/swtpm/. Add
permissions to access them in the apparmor profile.

Signed-off-by: Lena Voytek <lena.voytek@canonical.com>
2023-08-10 20:03:06 -04:00
Ross Lagerwall
51ccd2378b Make stdout unbuffered in swtpm_{setup,localca}
swtpm_setup and swtpm_localca may be run by a toolstack with log
messages going to a pipe via stdout. Set stdout to be unbuffered to
avoid log messages being lost if the process terminates unexpectedly.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
2023-08-02 10:05:07 -04:00
Stefan Berger
67152d3e18 tests: Fix spelling mistakes
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-07-17 20:46:43 -04:00
Stefan Berger
f954e3b9d2 Fix a few spelling errors in code
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-07-17 20:46:43 -04:00
Stefan Berger
004aa538dd man: Fix a few spelling mistakes
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-07-17 20:46:43 -04:00
Stefan Berger
34f1e2a1b0 swtpm_setup: Exit with '0' upon --version rather than '1'.
The --version option was using the wrong goto label ('error' rather than
'out'); it now also exits with exit code 0.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-07-12 21:03:28 -04:00
Stefan Berger
2f86ffbac0 swtpm_setup: Close file descriptors passed to swtpm process on parent side
Close the file descriptors passed to the swtpm process on the parent
side for faster detection of errors in the swtpm process that can
occur if swtpm was passed a profile that it cannot run with.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-07-01 10:26:27 -04:00
Stefan Berger
bb2c7ed14e tests: Remove stray \ in front of - after already escaped '\-'
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-06-26 20:50:01 -04:00
Stefan Berger
1fa820468f tests: Fix newly detected shellcheck issues SC2086 by quoting
Shellcheck v0.9 detected more SC2086 issues.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-06-26 20:50:01 -04:00
Stefan Berger
a464c649e2 tests: Disable shellcheck SC2317
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-06-26 20:50:01 -04:00
Stefan Berger
1daa80d239 swtpm_setup: Use medium duration on TSC_PhysicalPresence to avoid timeouts
On busy systems TSC_PhysicalPresence may time out when used with short
duration, so use medium duration instead.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-06-26 18:36:35 -04:00
Stefan Berger
cfeea1b1c0 swtpm_setup: Add poll() after write() and before read() to detect errors
In case swtpm does not start properly the write() to it may work but
then the read() gets stuck. Detect a failed swtpm by adding a poll()
before the read(). Use some extended durations considering possibly
busy systems.

A terminating swtpm instance can be caused when an unacceptable
profile is passed.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-06-24 16:01:33 -04:00
Stefan Berger
48dffac182 swtpm_ioctl: Repeatedly call PTM_GET_INFO for long responses
Fix the display of long responses that require calling PTM_GET_INFO
multiple times to get parts of the response from increasing offsets
until the whole response has been received.

Long responses are only returned when libtpms has profiles support and
several flags are passed to PTM_GET_INFO.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-06-23 18:30:01 -04:00
Stefan Berger
9a154fa45f tests: ibmtss2: Add patch to disable x509 test with older libtpms
Older versions of libtpms need to have another patch applied that disables
x509 certificate creation (0013-Disable-x509-test-cases-part2.patch).

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-05-15 14:21:37 -04:00
Stefan Berger
3095011412 tests: Upgrade to ibmtss2 v2.0.1
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-05-11 09:24:54 -04:00
Stefan Berger
ee0bce1bdf utils: Implement find_program() to try BINDIR path before PATH
To support install paths that are not covered by $PATH, and still allow
swtpm_setup and swtpm_localca to find swtpm and swtpm_cert executables,
implement find_program() to prepend the install path if only the program
name is given and otherwise fall back to g_find_program_in_path().

Update the man page to state that the swtpm from the installation
directory (BINDIR) is tried before one is searched for in the PATH.

Resolves: https://github.com/stefanberger/swtpm/issues/795
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-04-17 10:55:16 -04:00
Stefan Berger
fd2c9fdeab utils: Consolidate compile time configuration variables in swtpm_conf.h
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-04-17 10:55:16 -04:00
ben-dav-lytle
546f2367d6 use PKG_CHECK_MODULES to check libtpms version
Signed-off-by: Ben Lytle <ben.dav.lytle@hpe.com>
2023-03-09 16:09:06 -05:00
Stefan Berger
459f4e7dea Travis: Update from focal to jammy and from bionic to focal
Since the tss2 package is commonly available in focal and jammy,
move it into the general list of packages to be installed.

libtpm2-pkcs11-tools is available since jammy, so install it
there to enable the TPM 2 pkcs11 tests.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-02-27 07:10:10 -05:00
Stefan Berger
5e6e13802d Travis: Update from bionic to focal and from xenial to bionic
Since the package libasan2 does not exist in focal anymore, remove it. The
bionic builds do not seem to require this package to be installed (maybe
it's already there), so there's no need to install it in a before_script.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-02-23 11:13:56 -05:00
Stefan Berger
29ceff5c33 swtpm_localca: Add missing NULL option to end of array
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-02-22 17:27:05 -05:00
Stefan Berger
1cd2dc6049 samples: swtpm-create-tpmca: Fix shellcheck issues and add to syntax-check target
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-02-22 17:27:05 -05:00
Stefan Berger
036fd75b1f samples: swtpm-create-tpmca: Check for missing tpmtool
Recent GnuTLS does not package tpmtool anymore. Check for
the missing tpmtool and report an error as appropriate.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-02-22 17:27:05 -05:00
Stefan Berger
dbcb69d0ee man8: Update swtpm-create-tpmca with missing TPM 2 reference
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-02-22 17:27:05 -05:00
Stefan Berger
346b3d6265 tests: Fix shellcheck issue SC2148 by adding missing shell directive
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-01-31 10:37:31 -05:00
Stefan Berger
c2b54e6ab5 tests: Fix shellcheck issue SC2148 by adding a shell directive
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-01-30 18:25:45 -05:00
Stefan Berger
b40fc82700 tests: Fix 2 cases of shellcheck SC2001 using bash search-replace
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-01-30 18:25:45 -05:00
Stefan Berger
c8699ccd1b tests: Disable shellcheck SC2010 in two cases
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-01-30 18:25:45 -05:00
Stefan Berger
e5ccc7bb37 tests: Fix shellcheck issue SC2115 by using "${var:?}"
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-01-29 15:04:00 -05:00
Stefan Berger
5704342aa8 tests: Fix shellcheck issue SC2181 by if cmd; ...
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-01-27 11:58:54 -05:00
Stefan Berger
4cad2bb32e tests: Fix shellcheck issue SC2143 by using grep -q
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-01-26 08:12:59 -05:00
Stefan Berger
20655646c6 tests: Fix shellcheck issue SC2126 by using 'grep -c'
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-01-14 13:31:53 -05:00
Stefan Berger
5b51dc6a58 tests: Fix issues related to SC2164
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-01-13 21:02:51 -05:00
Stefan Berger
fd7a812b24 tests: Fix code to pass shellcheck with some errors disabled
Fix the test cases to pass shellcheck with some of the errors
disabled.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2023-01-13 13:59:02 -05:00
Michal Privoznik
72d9c031a0 swtpm_setup: Initialized @argv in get_swtpm_capabilities()
The compiler (though wrongly) identifies that the @argv variable
inside of the get_swtpm_capabilities() function can be used
uninitialized. While this is a spurious warning, it's common
practice to initialize g_autofree variables to NULL.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2022-12-21 13:54:38 -05:00
Michal Privoznik
a78d02ceec man: Install swtpm_cuse.8 iff WITH_CUSE
Users have the option to disable the CUSE interface (just pass the
--without-cuse argument to the configure script). But the
swtpm_cuse.8 man page is installed regardless of the argument.
This leaves distros having to remove the file before packing
builddir into packages.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2022-12-21 13:54:38 -05:00
Michal Privoznik
c6b78f49f5 swtpm: Restore logging to stderr on log open failure
When opening a log file fails (--log file=/some/path) for
whatever reason the @logfd variable is left set to -1 (the retval
of open()). And due to how _logprintf() is written, the
subsequent attempt to log this failure (logprintf()) returns too
early not printing the useful error.

Therefore, restore the original (CONSOLE_LOGGING) value.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2022-12-02 11:08:46 -05:00
Michal Privoznik
dcd1b575e6 swtpm.spec: Reflect minimal gnutls version
The configure script requires at least gnutls-3.4.0 but this is
not reflected in the spec file.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2022-11-11 11:58:29 -05:00
Stefan Berger
6709a4ee54 build-sys: Bump up version to 0.9.0 at beginning of dev cycle
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2022-11-11 11:58:11 -05:00
Stefan Berger
2ae7b01937 debian/rpm: Adjust changelog for 0.8.0 release
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2022-11-10 12:24:08 -05:00
Stefan Berger
441d8839d2 CHANGES: Add more documentation for changes in 0.8.0
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2022-11-10 12:24:08 -05:00
Stefan Berger
22e975dc05 tests: Pass --verify-profile=medium to certtool if supported
certtool emits the following message if --verify-profile is not
passed:

Note that no verification profile was selected. In the future the medium profile will be enabled by default.
Use --verify-profile low to apply the default verification of NORMAL priority string.

Pass the --verify-profile option if certtool supports it (since ~3.6.12).

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2022-11-02 11:14:19 -04:00
Ross Lagerwall
a2abd3b67d swtpm_setup: Configure swtpm to log to stdout/err if needed
If swtpm_setup is configured with a log file, it launches swtpm
configured with the same log file. If not, swtpm_setup logs will go to
stdout/stderr and it should configure swtpm to do the same.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
2022-11-01 18:01:47 -04:00
Stefan Berger
66117eefa8 Update bug_report.md
Make exact steps to recreate the issue a requirement for the bug report.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2022-10-10 07:53:26 -04:00
Stefan Berger
87ce53ffc4 swtpm: Add another exit label to avoid gcc -fanalyzer false positive
Move existing exit label before the return statement and add another
label that includes the free(filebuffer). This avoids a false positive
by 'gcc -fanalyzer' that seems to think that free(filebuffer)
would double-free filebuffer after filebuffer = realloc(tmp, ..)
failure.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2022-10-05 07:37:14 -04:00
Stefan Berger
7d79ecd694 swtpm: Return TPM_FAIL if SWTPM_NVRAM_DecryptData is called without key
Return TPM_FAIL if SWTPM_NVRAM_DecryptData() is called without a key or
if an unhandled type of encryption mode is encountered. Previously this
function would return no error but also would not do any decryption if
no key was provided. Consequently, it would then also not return a byte
array with decrypted data, which in turn could lead to potential NULL
pointer accesses in subsequent calls. However, all current callers check
whether they have a valid key before they call this function. So the
change is primarily done for static analyzers, such as gcc -fanalyzer,
to ease code analysis.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2022-09-30 13:12:06 -04:00