Rules will be reset to a single 'accept' line, which is something
that the GUI tools like. It's an easy way to get out of CLI firewall
modifications if someone wants to go back to using GUI for them.
fixesQubesOS/qubes-issues#4710
The code assumes that QubesVMInUseError is thrown for a failed
dependency check, but there are also other reasons. We need to
handle the case when dependency list is empty, and also display
the original message.
See also QubesOS/qubes-core-admin#308 for which this was needed.
* origin/pr/124:
Add missing docstrings
Add a test for vm.get_mem()
Update tests to mock admin.vm.CurrentState
qvm-ls: display memory as integer number
Use admin.vm.CurrentState method for power state and memory
FixesQubesOS/qubes-issues#5166
qvm-shutdown with the --wait option checks if the machine
state is 'Halted', but a disposable VM is usually deleted by
the time of the final check, resulting in a non-zero exit code.
This change handles properly disposable VMs, and makes sure
we always output an error message when finishing with a non-zero
exit code.
FixesQubesOS/qubes-issues#5245.
Depends on the method introduced in QubesOS/qubes-core-admin#307.
Adding the get_mem() method using the same CurrentState admin
method also fixes the bug with qvm-ls not showing memory, see
QubesOS/qubes-issues#5166.
Due to strangeness of KeyError (it overrrides str method) in some
cases exceptions received superflous quotation marks when inheriting
from it.
fixesQubesOS/qubes-issues#5106
* origin/pr/111:
Add tests for --tree option of qvm-ls
Sort domains in network tree list
network tree manpage entry added
added feature to list domains as network tree
This change introduces a complete rewrite of the argument parser for the `qvm-pool` tool.
As suggested by @marmarek in qubes-issues#5407, the goal is to be consistent with other tools such as `qvm-device`, `qvm-volume` etc.
(resolvesQubesOS/qubes-issues#5407)
If the VM is powered off shortly after startup, it may happen that
qubes.SetMonitorLayout would start it again. Avoid this by using
autostart=False argument to run_service() function.
Note that there is a vm.is_running() check at the beginning of the
function already, but if it happens while the VM is cleaned up, it may
still report that it's running, but at the time of run_service() call it
is not.
This allows to run a service but do not cause a qube to be started it
isn't already running. This is especially useful for background /
internal calls designed to service a running target VM - if VM is not
running, those do not make sense to be called in the first place.
Specifically, this will allow qvm-start-gui to avoid re-starting a
domain while calling qubes.NotifyMonitorLayout, when a VM is shutdown
shortly after its startup.
Previous commit introduced protection against uncommon (potentially
malicious) compression filters. This breaks restoring backups made with
a custom compression filter. Add an option to override this check, by
naming compression filter to use explicitly.
Compression filter named in a backup header is executed in restore
environment (commonly dom0). While this field is properly authenticated,
there may be cases where backup archive comes from less
trusted source, like migrating from potentially compromised
system.
Modify backup header parsing code to add field specific validators.
Whitelist only know crypto, hmac and compression algorithms.
Based on a patch by Jean-Philippe Ouellet <jpo@vt.edu>
Reported-by: Jean-Philippe Ouellet <jpo@vt.edu>
* origin/pr/99:
devices: add missing docstring for _get_device_classes
devices: make iteration device classes compatible with Python2
tools/qvm-device: make PEP8 happy
tests/devices: add test for handling listing device classes
tests/devices: make PEP8 happy
devices: handle listing of available device classes
devices: make PEP8 happy
Add support for importing volume data with qvm-volume tool.
This could be also used to clear volume by issuing:
qvm-volume import --no-resize some-vm:private /dev/null
QubesOS/qubes-issues#5192
Reinstalling template is a recommended way to get it back to a clean
state after potential compromise. In that case it is essential to
discard any persistent storage of old template, as it could be used by
the attacker to re-compromise it after reinstall.
Do this similar as root volume is overridden - via volume import
function.
FixesQubesOS/qubes-issues#5192
Fix syntax workaround for python3.7 + python2.7. This code can't use
'yield from' to be still importable on python2.7, but asyncio.sleep() is
no longer iterable on python3.7. Workaround it by manually calling
coroutine.send(None) in a loop - ugly as hell, but works. I can't wait
until we could drop python2 support...
Addresses review comments, specifically:
* updates qvm-clone tests to handle ignore_errors option
* adds manpage reference to new --ignore-errors option
* trims line length in qvm-clone changes
All tests should now be passing, including the new qvm-clone
functionality.
