Commit Graph

13 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
68ed06a200
Don't try to set 'created-by-' tag when cloning VM
This tag can't be set from outside of qubesd.
2017-07-14 04:14:46 +02:00
Marek Marczykowski-Górecki
e6149b09ce
Fix VM creation with default template
Fixes QubesOS/qubes-issues#2866
2017-07-08 00:08:19 +02:00
Marek Marczykowski-Górecki
a2d9303ea9
app: fix policy deny reporting when running in VM
qrexec-client-vm non-zero exit code means policy have denied the call.
Treat this exactly the same as empty response (in dom0 case).
2017-07-05 14:16:31 +02:00
Marek Marczykowski-Górecki
942e122d27
firewall: drop GetPolicy/SetPolicy calls
Firewall policy is now hardcoded to 'drop'. Keep the property, so anyone
trying to assign it will get an exception

QubesOS/qubes-issues#2869
2017-07-05 14:16:30 +02:00
Marek Marczykowski-Górecki
ade5083e5e
app: do not clone 'uuid' property
Cloned VM have new UUID
2017-07-05 14:16:30 +02:00
Marek Marczykowski-Górecki
bcd026d141
Implement VM clone as create + copy data+metadata
This way we don't need separate admin.vm.Clone call, which is tricky to
handler properly with policy.
A VM may not have access to all the properties and other metadata, so
add ignore_errors argument, for best-effort approach (copy what is
possible). In any case, failure of cloning VM data fails the whole
operation.
When operation fails, VM is removed.

While at it, allow to specify alternative VM class - this allows
morphing one VM into another (for example AppVM -> StandaloneVM).

Adjust qvm-clone tool and tests accordingly.

QubesOS/qubes-issues#2622
2017-06-20 01:34:18 +02:00
Wojtek Porczyk
0a556fad8c app: close payload_stream in qubesd_call
This is to prevent leaking file descriptors.

QubesOS/qubes-issues#2622
2017-05-26 19:09:29 +02:00
Marek Marczykowski-Górecki
93d7249ef0
Make VMCollection return sorted VM list on iteration
This makes it much easier to write tests...
2017-05-26 00:42:48 +02:00
Marek Marczykowski-Górecki
6f99e871cf
Clear VM cache after adding new VM
If cache was already populated, trying to reference newly created VM
would fail as it isn't the cache.
2017-05-26 00:42:47 +02:00
Marek Marczykowski-Górecki
0b2f7ac958
Add efficient method to handle large payloads for Admin API methods
Add qubesd_call(..., payload_stream=...) argument to allow streaming
payload directly from some file/process stdout. This is mainly (only?)
useful for admin.vm.volume.Import, where disk volume raw data is passed
to the service.
2017-05-26 00:42:46 +02:00
Marek Marczykowski-Górecki
938fc9348f
Add 'wait' argument to vm.run_service()
It is supported only from dom0, but it's still useful to have, to save
on simultaneous vchan connections (only waiting for MSG_DATA_EXIT_CODE).
This is especially important for Windows VMs, as qrexec-agent there have
pretty low limit on simultaneous connections (about 20).

Make qvm-run use it.
2017-05-19 18:41:07 +02:00
Marek Marczykowski-Górecki
cfc9ff2ce5
Rename Mgmt API to Admin API: methods names
QubesOS/qubes-issues#853
2017-05-12 19:36:03 +02:00
Marek Marczykowski-Górecki
4ceff0f8c0
Rename qubesmgmt to qubesadmin module
QubesOS/qubes-issues#853
2017-05-11 23:40:03 +02:00