swtpm: enable logging

AFAICT, previously, errors from swtpm would not show up in any logs,
because they were just printed to the stderr of the daemonized
invocation here.

The 'truncate' option is not used, so that the log is not immediately
lost when a new instance is started. This increases the chance that
the relevant errors are still present when requesting the log from a
user.

Log level 1 contains the most relevant errors and seems to be quiet
for working-as-expected invocations. Log level 2 already includes
logging full TPM commands, some of which are 1024 bytes long. Thus,
log level 1 was chosen.

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>

diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index ff1e3c722d32ed45de5f7c0ba2628b8793c69874..5560168801d55213283506bec897fb94b082cd80 100644 (file)
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -3275,6 +3275,8 @@ sub start_swtpm {
        "file=$paths->{pid}",
        "--terminate", # terminate on QEMU disconnect
        "--daemon",
+       "--log",
+       "file=/run/qemu-server/$vmid-swtpm.log,level=1",
     ];
     push @$emulator_cmd, "--tpm2" if $tpm->{version} eq 'v2.0';
     run_command($emulator_cmd, outfunc => sub { print $1; });