vm: fix handling policy deny on admin.vm.List

vm.get_power_state() have specifically documented 'NA' state for cases
when it's unable to get VM's power state. Use this when qrexec policy
forbid checking it.

Reported by @pietrushnic
Fixes QubesOS/qubes-issues#3179
This commit is contained in:
Marek Marczykowski-Górecki 2017-10-16 01:20:27 +02:00
parent 17670eae1b
commit 2f7d1ca476
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724

View File

@ -168,11 +168,14 @@ class QubesVM(qubesadmin.base.PropertyHolder):
''' '''
vm_list_info = [line try:
for line in self.qubesd_call( vm_list_info = [line
self._method_dest, 'admin.vm.List', None, None for line in self.qubesd_call(
).decode('ascii').split('\n') self._method_dest, 'admin.vm.List', None, None
if line.startswith(self._method_dest+' ')] ).decode('ascii').split('\n')
if line.startswith(self._method_dest+' ')]
except qubesadmin.exc.QubesDaemonNoResponseError:
return 'NA'
assert len(vm_list_info) == 1 assert len(vm_list_info) == 1
# name class=... state=... other=... # name class=... state=... other=...
# NOTE: when querying dom0, we get whole list # NOTE: when querying dom0, we get whole list
@ -206,7 +209,7 @@ class QubesVM(qubesadmin.base.PropertyHolder):
:rtype: bool :rtype: bool
''' '''
return self.get_power_state() != 'Halted' return self.get_power_state() not in ('Halted', 'NA')
def is_networked(self): def is_networked(self):
'''Check whether this VM can reach network (firewall notwithstanding). '''Check whether this VM can reach network (firewall notwithstanding).