Commit Graph

53 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
7425a5359b
Cleanup Admin API denial reporting
Rename QubesDaemonNoResponseError to more intuitive
QubesDaemonAccessError (keep legacy name still working).
Use QubesPropertyAccessError whenever the access is about @property -
this makes it easy to use `getattr` to use default value instead.

QubesOS/qubes-issues#5811
2020-08-11 02:06:42 +02:00
Marek Marczykowski-Górecki
45a28c29ae
Fix VM validity check for cached VM objects
Qubes().domains.refresh_cache() tries to preserve cached VM objects if
the class matches - this way if an application keeps reference to any,
it will still be the same as freshly obtained from the collection, and
also it will receive cache updates/invalidates based on events.

The check for class change was invalid - on core-admin-client side we
have just one QubesVM class with 'klass' attribute. This leads to VM
objects being disconnected from VMCollection and stale properties cache
there (because they no longer receive events).

Fix the check.

And also add a test if indeed the same object is returned.
2020-07-14 16:10:49 +02:00
Marek Marczykowski-Górecki
79c7392424
Cache power state when caching is enabled
Power state changes are signaled with events too, so it is possible to
cache it and update/invalidate cache with events.
Additionally, admin.vm.List returns a power state, so the cache can be
populated early. This in particular greatly improves qvm-ls performance -
eliminate admin.vm.CurrentState call at all.

QubesOS/qubes-issues#3293
2020-05-22 19:28:51 +02:00
Marek Marczykowski-Górecki
bfe1a3d541
Adjust for changed qubesd socket protocol
The socket protocol is adjusted to match qrexec socket service protocol.

QubesOS/qubes-issues#3293
2020-05-22 19:01:24 +02:00
Marek Marczykowski-Górecki
1d1289619c
Implement a wrapper for dom0 -> dom0 qrexec calls
Qrexec itself does not support  loopback calls. Since a call into dom0
is a common case for GUIVM (which may be dom0) to do, add a convenient
handling inside vm.run_service() function.

Fixes QubesOS/qubes-issues#5140
2020-05-22 19:01:24 +02:00
Marek Marczykowski-Górecki
218d43a2e0
Add simple properties caching
Reduce Admin API calls by caching returned values. The cache is not
enabled by default, because it could result in stale values being
returned. It can be enabled by setting 'cache_enabled' to True on
Qubes() object. This is safe in two cases:
 - the application don't care about changed values - like a short-lived
   process that retrieve values once (for example qvm-ls)
 - the application listen for events and invalidate cache when property
   is changed

For the second case, invalidating the cache on appropriate event
(property-set:*, property-reset:*) is done before calling other event
handlers. This is because the event may try to access the property value
(not necessary from the event arguments), so we need to be sure it will
see the new value.

Fixes QubesOS/qubes-issues#5415
2020-05-22 18:59:44 +02:00
Marta Marczykowska-Górecka
c0a8c6528a
Cloning a vm now clones persistent PCI device assignments
fixes QubesOS/qubes-issues#4992
2020-03-30 15:48:53 +02:00
Pawel Marczewski
9cf05e5180
Import data using ImportWithSize call, not manual resizing
See the API call in QubesOS/qubes-core-admin#309.
2020-01-23 10:29:50 +01:00
Frédéric Pierret (fepitre)
03bc15dd38
app: switch get_local_name method to property 2019-10-20 21:19:16 +02:00
Frédéric Pierret (fepitre)
8a27c1919f
app: get_local_name set/from self attribute 2019-10-20 19:20:40 +02:00
Frédéric Pierret (fepitre)
40d9696b90
app: fix missing docstring for get_local_name 2019-10-20 17:41:41 +02:00
Frédéric Pierret (fepitre)
6b4a99f83f
qvm-start-gui: handle GuiVM 2019-10-20 15:37:57 +02:00
Frédéric Pierret (fepitre)
a5102d752f
Make PEP8 happier 2019-10-20 13:31:40 +02:00
Marek Marczykowski-Górecki
98260ff148
Add run_service(..., autostart=False) argument
This allows to run a service but do not cause a qube to be started it
isn't already running. This is especially useful for background /
internal calls designed to service a running target VM - if VM is not
running, those do not make sense to be called in the first place.

Specifically, this will allow qvm-start-gui to avoid re-starting a
domain while calling qubes.NotifyMonitorLayout, when a VM is shutdown
shortly after its startup.
2019-09-26 19:21:07 +02:00
Marek Marczykowski-Górecki
1fcb031192
Add support for run_service(..., filter_esc=True) in a VM
Since qrexec-client-vm got support for filtering escape characters, use
it here too.

QubesOS/qubes-issues#5322
2019-09-21 04:55:18 +02:00
Frédéric Pierret (fepitre)
3dce4e9742
qubesadmin: define methods list_vmclass and list_devicesclass
Adapt also previous direct calls of qubesdb

QubesOS/qubes-issues#5213
2019-08-10 22:08:31 +02:00
Frédéric Pierret (fepitre)
a982e1e538
qubesadmin: make PEP8 happy 2019-08-10 19:03:41 +02:00
Marek Marczykowski-Górecki
b8ddb39752
Allow app.domains[vm] where vm is a QubesVM object
Similar as in the core-admin API.
2019-06-25 06:28:00 +02:00
Marek Marczykowski-Górecki
9061169f90
Merge branch 'devel-20181206' 2018-12-09 18:08:25 +01:00
Marek Marczykowski-Górecki
0bb35193b4
doc: fix rst syntax in documentation, including docstrings 2018-12-08 23:53:55 +01:00
Marek Marczykowski-Górecki
4a727f1dfa
Merge remote-tracking branch 'origin/pr/85'
* origin/pr/85:
  isinstance instead of type
  reverted to comparing .index
  forgot braces
  forgot braces
  get_label now accepts integer and has correct return-type
2018-12-08 12:28:36 +01:00
GammaSQ
2c836c5adc
isinstance instead of type 2018-12-08 12:00:15 +01:00
Marek Marczykowski-Górecki
e827e47926
Clone VM's volume into the same pool, unless overridden specifically
When cloning VM, create it in the same pool as the source one.
Previously it always used default pool, which means for example renaming
a VM in non-default pool moved it back to the default one.

Fixes QubesOS/qubes-issues#4145
Fixes QubesOS/qubes-issues#4523
2018-12-08 00:44:18 +01:00
GammaSQ
aebc944704
reverted to comparing .index 2018-12-04 09:40:54 +01:00
Marek Marczykowski-Górecki
86fe230092
Clarify QubesBase(), Qubes() and QubesLocal/QubesRemote usage
Add note in QubesBase docstring it shouldn't be used directly.
Additionally add base qubesd_call and run_service methods raising
NotImplementedError with helpful message. Lack of qubesd_call in
QubesBase leads to infinite recursion, because one in PropertyHolder
calls itself then.

Fixes QubesOS/qubes-issues#4568
2018-12-03 23:09:23 +01:00
GammaSQ
39c2c7bcd2
forgot braces 2018-12-03 15:55:21 +01:00
GammaSQ
2e637b5631
get_label now accepts integer and has correct return-type 2018-12-03 15:29:06 +01:00
Marek Marczykowski-Górecki
3d53e7e310
Code style fix 2018-10-29 05:27:05 +01:00
Marek Marczykowski-Górecki
67897e3f9f
Copy application menu on VM clone
The qubesd daemon have no information about clone source - from that
side it looks like a new VM.  This means application menu is created as
for a new VM.
To fix this re-initialize menu with --source option as part of the clone
operation. It will copy both list of available applications (if
applicable) and selected applications.

This fixes both qvm-clone case and rename.

Fixes QubesOS/qubes-issues#3902
Fixes QubesOS/qubes-issues#4124
2018-10-29 05:27:05 +01:00
Marek Marczykowski-Górecki
4ca6c32e6c
app: add option to ignore select volumes on app.clone_vm()
QubesOS/qubes-issues#3793
2018-10-18 02:43:09 +02:00
Marek Marczykowski-Górecki
a481490d60
app: fix error reporting when connection to qubesd fails
Properly report QubesDaemonCommunicationError, instead of confusing
IOError or FileNotFoundError
2018-07-14 03:31:03 +02:00
Marek Marczykowski-Górecki
0caf6f735d
Fix reporting events even if its source is not available anymore
This is especially the case for domain-shutdown event for DispVM - when
handled, DispVM can be already removed. Give the handled VM object even
if actual VM is already removed. For this, avoid VM existence check by
using domains.get_blind() method.

And actually implement domains.get_blind() method - it was present only
in generic collection, but not VMCollection.
2018-06-27 02:24:02 +02:00
Marek Marczykowski-Górecki
c98b33bcd6
vm/DispVM: use 'qrexec_timeout' also for call connection timeout
When calling a service in DispVM, the connection is established only
after session is ready (if required for given service). qrexec-client by
default use 5s here, which is too low depending on hardware. Use
'qrexec_timeout' property here for DispVM case.

Fixes QubesOS/qubes-issues#3012
2018-01-14 18:36:24 +00:00
Christopher Laprise
7a9b0c232c
Avoid cloning installed_by_rpm 2018-01-03 05:07:57 -05:00
Jean-Philippe Ouellet
87230fc042
Stop leaking terminal escapes via stderr
This restores Qubes R3.2 behavior

Before this patch, the following:

    qvm-run -p sys-firewall 'echo -e "\e[0;46mcyan!" >&2' | wc -l

leaks the escape sequences through to the dom0 terminal via stderr,
in this case demonstrated by the ability to change the text color while
it should be fixed to red.

This can also be abused with xterm reporting sequences to cause input
to be sent to the dom0 terminal. This is potentially a security issue.
2017-11-20 23:33:44 -05:00
Marek Marczykowski-Górecki
c87820fba8
Drop individual VM classes as python types completely
Since those are unused now, remove them from the source, so it is easier
to debug the code (avoid never matching isinstance(...)).
2017-10-02 21:12:16 +02:00
Marek Marczykowski-Górecki
edcaed537a
Always use QubesVM objects, instead of AppVM/TemplateVM etc
Very few calls at client side really needs VM class name. So, even in
non-blind mode use just QubesVM class, to avoid strange cases depending
on blind mode being enabled or not. Then, have VM class name in 'klass'
property. If known at object creation time, cache it, otherwise query
qubesd at first access.
2017-10-02 21:12:16 +02:00
Marek Marczykowski-Górecki
b28ddb6621
Implement "blind mode" to avoid listing objects
This allows to perform actions on objects (VM, storage etc), without
listing them. This is useful when calling VM have minimal permissions
and only selected actions are allowed.

This means that app.domains['some-name'] will not raise KeyError, even
when domain do not exists. But performing actual action (like
vm.start()) will fail in that case.
2017-09-20 20:18:59 +02:00
Marek Marczykowski-Górecki
7d25f1bf2b
app: add VMCollection.values()
Let it behave more like a dict()
2017-08-09 04:04:26 +02:00
Marek Marczykowski-Górecki
ca399c1a5a
app: call admin.vm.volume.Import as root
This is needed to write LVM data.
2017-07-17 20:28:23 +02:00
Marek Marczykowski-Górecki
68ed06a200
Don't try to set 'created-by-' tag when cloning VM
This tag can't be set from outside of qubesd.
2017-07-14 04:14:46 +02:00
Marek Marczykowski-Górecki
e6149b09ce
Fix VM creation with default template
Fixes QubesOS/qubes-issues#2866
2017-07-08 00:08:19 +02:00
Marek Marczykowski-Górecki
a2d9303ea9
app: fix policy deny reporting when running in VM
qrexec-client-vm non-zero exit code means policy have denied the call.
Treat this exactly the same as empty response (in dom0 case).
2017-07-05 14:16:31 +02:00
Marek Marczykowski-Górecki
942e122d27
firewall: drop GetPolicy/SetPolicy calls
Firewall policy is now hardcoded to 'drop'. Keep the property, so anyone
trying to assign it will get an exception

QubesOS/qubes-issues#2869
2017-07-05 14:16:30 +02:00
Marek Marczykowski-Górecki
ade5083e5e
app: do not clone 'uuid' property
Cloned VM have new UUID
2017-07-05 14:16:30 +02:00
Marek Marczykowski-Górecki
bcd026d141
Implement VM clone as create + copy data+metadata
This way we don't need separate admin.vm.Clone call, which is tricky to
handler properly with policy.
A VM may not have access to all the properties and other metadata, so
add ignore_errors argument, for best-effort approach (copy what is
possible). In any case, failure of cloning VM data fails the whole
operation.
When operation fails, VM is removed.

While at it, allow to specify alternative VM class - this allows
morphing one VM into another (for example AppVM -> StandaloneVM).

Adjust qvm-clone tool and tests accordingly.

QubesOS/qubes-issues#2622
2017-06-20 01:34:18 +02:00
Wojtek Porczyk
0a556fad8c app: close payload_stream in qubesd_call
This is to prevent leaking file descriptors.

QubesOS/qubes-issues#2622
2017-05-26 19:09:29 +02:00
Marek Marczykowski-Górecki
93d7249ef0
Make VMCollection return sorted VM list on iteration
This makes it much easier to write tests...
2017-05-26 00:42:48 +02:00
Marek Marczykowski-Górecki
6f99e871cf
Clear VM cache after adding new VM
If cache was already populated, trying to reference newly created VM
would fail as it isn't the cache.
2017-05-26 00:42:47 +02:00
Marek Marczykowski-Górecki
0b2f7ac958
Add efficient method to handle large payloads for Admin API methods
Add qubesd_call(..., payload_stream=...) argument to allow streaming
payload directly from some file/process stdout. This is mainly (only?)
useful for admin.vm.volume.Import, where disk volume raw data is passed
to the service.
2017-05-26 00:42:46 +02:00