What were you trying to do that didn't work?

tpm state directory on shared storage is removed when migration failed

What is the impact of this issue to you?

The tpm state dir is also used for source vtpm, should not be removed.

Please provide the package NVR for which the bug is seen:

libvirt-11.1.0-1.el10.x86_64/libvirt-10.10.0-7.el10.x86_64
qemu-kvm-9.1.0-15.el10.x86_64
swtpm-0.9.0-5.el10.x86_64
libtpms-0.9.6-10.el10.x86_64

How reproducible is this bug?:

100%

Steps to reproduce

1. mount a nfs/ceph dir on tpm path

$nfs-server# cat /etc/exports
/test/images *(rw,async,root_squash)
/test/swtpm *(rw,async,no_root_squash)
client:
$nfs-server:/test/swtpm  nfs4       70G   15G   56G  21% /var/lib/libvirt/swtpm

 2. prepare migration env, and start a vm with vtpm on source

<tpm model="tpm-crb">
  <backend type="emulator" version="2.0"/>
  <alias name="tpm0"/>
</tpm>
check tpm state dir
# ls /var/lib/libvirt/swtpm
d4cf8650-b5b8-403e-aac3-c1f9d9c6051a

3. migrate to target host with something mismatch, such as firewall port not open, virt_use_nfs disabled, vtpm secret not match, etc

# virsh migrate rhel10-0 qemu+ssh://hostB/system --live --verbose
error: unable to connect to server at 'hostB:49152': No route to host
heck tpm state dir again:
# ls /var/lib/libvirt/swtpm
(nothing output)

4. resolve migration env issue then try to migrate again:

# virsh migrate rhel10-0 qemu+ssh://hostB/system --live --verbose
error: unable to set security context 'system_u:object_r:svirt_image_t:s0:c392,c662' on '/var/lib/libvirt/swtpm/d4cf8650-b5b8-403e-aac3-c1f9d9c6051a/tpm2': No such file or directory

VM will never be migrated due to lack of tpm state directory. And since the tpm state directory is shared, also important for source env.

Expected results

Actual results

tpm state directory should not be removed if it's on shared storage.