From f05ada592f526a60c18652c32014ff4e51e518b2 Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Fri, 1 Dec 2023 14:01:58 +0000 Subject: [PATCH] libs: protection: x86_64: drop root requirement for querying It is no longer necessary to be `root` to query the guest protection (TDX) on `x86_64` systems, so drop the requirement. > **Note:** > > This change drops the `nix` `Uid` import required for the `root` check. > But at the same time it adds it for PPC64le since that implementation of > `available_guest_protection()` needs it and it was previously missing. Fixes: #8548. Signed-off-by: James O. D. Hunt --- src/libs/kata-sys-util/src/protection.rs | 19 +------------------ 1 file changed, 1 insertion(+), 18 deletions(-) diff --git a/src/libs/kata-sys-util/src/protection.rs b/src/libs/kata-sys-util/src/protection.rs index 51352a9d4..178b0813e 100644 --- a/src/libs/kata-sys-util/src/protection.rs +++ b/src/libs/kata-sys-util/src/protection.rs @@ -13,7 +13,7 @@ use std::path::Path; use std::path::PathBuf; use thiserror::Error; -#[cfg(any(target_arch = "s390x", target_arch = "x86_64"))] +#[cfg(any(target_arch = "s390x", target_arch = "powerpc64le"))] use nix::unistd::Uid; #[cfg(target_arch = "x86_64")] @@ -97,10 +97,6 @@ const TDX_MINOR_FILE: &str = "minor_version"; #[cfg(target_arch = "x86_64")] pub fn available_guest_protection() -> Result { - if !Uid::effective().is_root() { - return Err(ProtectionError::NoPerms); - } - arch_guest_protection( TDX_SYS_FIRMWARE_DIR, SEV_KVM_PARAMETER_PATH, @@ -262,23 +258,10 @@ pub fn available_guest_protection() -> Result #[cfg(test)] mod tests { use super::*; - use nix::unistd::Uid; use std::fs; use std::io::Write; use tempfile::tempdir; - #[test] - fn test_available_guest_protection_no_privileges() { - if !Uid::effective().is_root() { - let res = available_guest_protection(); - assert!(res.is_err()); - assert_eq!( - "No permission to check guest protection", - res.unwrap_err().to_string() - ); - } - } - #[test] fn test_arch_guest_protection_snp() { // Test snp