2014-10-22 02:14:25 +02:00
|
|
|
#!/usr/bin/python
|
2015-02-05 15:46:40 +01:00
|
|
|
# vim: fileencoding=utf-8
|
|
|
|
|
2014-10-22 02:14:25 +02:00
|
|
|
#
|
2015-02-05 15:46:40 +01:00
|
|
|
# The Qubes OS Project, https://www.qubes-os.org/
|
2014-10-22 02:14:25 +02:00
|
|
|
#
|
2015-02-05 15:46:40 +01:00
|
|
|
# Copyright (C) 2014-2015
|
|
|
|
# Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
|
|
|
|
# Copyright (C) 2015 Wojtek Porczyk <woju@invisiblethingslab.com>
|
2014-10-22 02:14:25 +02:00
|
|
|
#
|
2015-02-05 15:46:40 +01:00
|
|
|
# This program is free software; you can redistribute it and/or modify
|
|
|
|
# it under the terms of the GNU General Public License as published by
|
|
|
|
# the Free Software Foundation; either version 2 of the License, or
|
|
|
|
# (at your option) any later version.
|
2014-10-22 02:14:25 +02:00
|
|
|
#
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
#
|
2015-02-05 15:46:40 +01:00
|
|
|
# You should have received a copy of the GNU General Public License along
|
|
|
|
# with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
|
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
2014-10-22 02:14:25 +02:00
|
|
|
#
|
2015-03-19 23:17:34 +01:00
|
|
|
from distutils import spawn
|
2015-02-05 15:46:40 +01:00
|
|
|
|
2014-10-29 21:40:29 +01:00
|
|
|
import multiprocessing
|
2014-10-22 02:14:25 +02:00
|
|
|
import os
|
|
|
|
import subprocess
|
|
|
|
import unittest
|
|
|
|
import time
|
2014-10-29 21:40:29 +01:00
|
|
|
|
2015-02-09 06:18:57 +01:00
|
|
|
from qubes.qubes import QubesVmCollection, defaults, QubesException
|
2014-10-22 02:14:25 +02:00
|
|
|
|
2015-02-05 15:46:40 +01:00
|
|
|
import qubes.tests
|
2016-01-29 21:31:49 +01:00
|
|
|
import re
|
2014-10-22 02:14:25 +02:00
|
|
|
|
2014-10-29 21:40:29 +01:00
|
|
|
TEST_DATA = "0123456789" * 1024
|
|
|
|
|
2015-03-22 01:40:50 +01:00
|
|
|
class TC_00_AppVMMixin(qubes.tests.SystemTestsMixin):
|
2014-10-22 02:14:25 +02:00
|
|
|
def setUp(self):
|
2015-03-22 01:40:50 +01:00
|
|
|
super(TC_00_AppVMMixin, self).setUp()
|
2015-07-07 21:41:54 +02:00
|
|
|
self.testvm1 = self.qc.add_new_vm(
|
|
|
|
"QubesAppVm",
|
2015-02-05 15:46:40 +01:00
|
|
|
name=self.make_vm_name('vm1'),
|
2015-03-22 01:40:50 +01:00
|
|
|
template=self.qc.get_vm_by_name(self.template))
|
2014-10-29 21:38:54 +01:00
|
|
|
self.testvm1.create_on_disk(verbose=False)
|
2015-07-07 21:41:54 +02:00
|
|
|
self.testvm2 = self.qc.add_new_vm(
|
|
|
|
"QubesAppVm",
|
2015-02-05 15:46:40 +01:00
|
|
|
name=self.make_vm_name('vm2'),
|
2015-03-22 01:40:50 +01:00
|
|
|
template=self.qc.get_vm_by_name(self.template))
|
2014-10-29 21:38:54 +01:00
|
|
|
self.testvm2.create_on_disk(verbose=False)
|
2015-07-08 01:20:25 +02:00
|
|
|
self.save_and_reload_db()
|
2015-02-22 01:26:38 +01:00
|
|
|
self.qc.unlock_db()
|
2015-07-08 01:20:25 +02:00
|
|
|
self.testvm1 = self.qc[self.testvm1.qid]
|
|
|
|
self.testvm2 = self.qc[self.testvm2.qid]
|
2014-10-22 02:14:25 +02:00
|
|
|
|
|
|
|
def test_000_start_shutdown(self):
|
2014-10-29 21:38:54 +01:00
|
|
|
self.testvm1.start()
|
|
|
|
self.assertEquals(self.testvm1.get_power_state(), "Running")
|
|
|
|
self.testvm1.shutdown()
|
2014-10-22 02:14:25 +02:00
|
|
|
|
|
|
|
shutdown_counter = 0
|
2014-10-29 21:38:54 +01:00
|
|
|
while self.testvm1.is_running():
|
2014-10-22 02:14:25 +02:00
|
|
|
if shutdown_counter > defaults["shutdown_counter_max"]:
|
|
|
|
self.fail("VM hanged during shutdown")
|
|
|
|
shutdown_counter += 1
|
|
|
|
time.sleep(1)
|
|
|
|
time.sleep(1)
|
2014-10-29 21:38:54 +01:00
|
|
|
self.assertEquals(self.testvm1.get_power_state(), "Halted")
|
2014-10-22 02:14:25 +02:00
|
|
|
|
2015-03-19 23:17:34 +01:00
|
|
|
@unittest.skipUnless(spawn.find_executable('xdotool'),
|
|
|
|
"xdotool not installed")
|
2015-10-27 23:16:37 +01:00
|
|
|
def test_010_run_xterm(self):
|
|
|
|
self.testvm1.start()
|
|
|
|
self.assertEquals(self.testvm1.get_power_state(), "Running")
|
|
|
|
self.testvm1.run("xterm")
|
|
|
|
wait_count = 0
|
2015-10-30 14:09:52 +01:00
|
|
|
title = 'user@{}'.format(self.testvm1.name)
|
|
|
|
if self.template.count("whonix"):
|
|
|
|
title = 'user@host'
|
2015-10-27 23:16:37 +01:00
|
|
|
while subprocess.call(
|
2015-10-30 14:09:52 +01:00
|
|
|
['xdotool', 'search', '--name', title],
|
2015-10-27 23:16:37 +01:00
|
|
|
stdout=open(os.path.devnull, 'w'),
|
|
|
|
stderr=subprocess.STDOUT) > 0:
|
|
|
|
wait_count += 1
|
|
|
|
if wait_count > 100:
|
2015-10-30 14:09:52 +01:00
|
|
|
self.fail("Timeout while waiting for xterm window")
|
2015-10-27 23:16:37 +01:00
|
|
|
time.sleep(0.1)
|
|
|
|
|
|
|
|
time.sleep(0.5)
|
|
|
|
subprocess.check_call(
|
2015-10-30 14:09:52 +01:00
|
|
|
['xdotool', 'search', '--name', title,
|
2015-10-27 23:16:37 +01:00
|
|
|
'windowactivate', 'type', 'exit\n'])
|
|
|
|
|
|
|
|
wait_count = 0
|
2015-10-30 14:09:52 +01:00
|
|
|
while subprocess.call(['xdotool', 'search', '--name', title],
|
2015-10-27 23:16:37 +01:00
|
|
|
stdout=open(os.path.devnull, 'w'),
|
|
|
|
stderr=subprocess.STDOUT) == 0:
|
|
|
|
wait_count += 1
|
|
|
|
if wait_count > 100:
|
2015-10-30 14:09:52 +01:00
|
|
|
self.fail("Timeout while waiting for xterm "
|
2015-10-27 23:16:37 +01:00
|
|
|
"termination")
|
|
|
|
time.sleep(0.1)
|
|
|
|
|
|
|
|
@unittest.skipUnless(spawn.find_executable('xdotool'),
|
|
|
|
"xdotool not installed")
|
|
|
|
def test_011_run_gnome_terminal(self):
|
|
|
|
if "minimal" in self.template:
|
|
|
|
self.skipTest("Minimal template doesn't have 'gnome-terminal'")
|
2014-10-29 21:38:54 +01:00
|
|
|
self.testvm1.start()
|
|
|
|
self.assertEquals(self.testvm1.get_power_state(), "Running")
|
|
|
|
self.testvm1.run("gnome-terminal")
|
2015-10-30 14:09:52 +01:00
|
|
|
title = 'user@{}'.format(self.testvm1.name)
|
|
|
|
if self.template.count("whonix"):
|
|
|
|
title = 'user@host'
|
2014-10-22 02:14:25 +02:00
|
|
|
wait_count = 0
|
2015-07-07 21:41:54 +02:00
|
|
|
while subprocess.call(
|
2015-10-30 14:09:52 +01:00
|
|
|
['xdotool', 'search', '--name', title],
|
2015-07-07 21:41:54 +02:00
|
|
|
stdout=open(os.path.devnull, 'w'),
|
|
|
|
stderr=subprocess.STDOUT) > 0:
|
2014-10-22 02:14:25 +02:00
|
|
|
wait_count += 1
|
|
|
|
if wait_count > 100:
|
|
|
|
self.fail("Timeout while waiting for gnome-terminal window")
|
|
|
|
time.sleep(0.1)
|
|
|
|
|
2014-10-29 21:38:54 +01:00
|
|
|
time.sleep(0.5)
|
2015-07-07 21:41:54 +02:00
|
|
|
subprocess.check_call(
|
2015-10-30 14:09:52 +01:00
|
|
|
['xdotool', 'search', '--name', title,
|
2015-07-07 21:41:54 +02:00
|
|
|
'windowactivate', 'type', 'exit\n'])
|
2014-10-22 02:14:25 +02:00
|
|
|
|
2015-10-27 23:16:37 +01:00
|
|
|
wait_count = 0
|
2015-10-30 14:09:52 +01:00
|
|
|
while subprocess.call(['xdotool', 'search', '--name', title],
|
2015-10-27 23:16:37 +01:00
|
|
|
stdout=open(os.path.devnull, 'w'),
|
|
|
|
stderr=subprocess.STDOUT) == 0:
|
|
|
|
wait_count += 1
|
|
|
|
if wait_count > 100:
|
|
|
|
self.fail("Timeout while waiting for gnome-terminal "
|
|
|
|
"termination")
|
|
|
|
time.sleep(0.1)
|
|
|
|
|
|
|
|
@unittest.skipUnless(spawn.find_executable('xdotool'),
|
|
|
|
"xdotool not installed")
|
|
|
|
def test_012_qubes_desktop_run(self):
|
|
|
|
self.testvm1.start()
|
|
|
|
self.assertEquals(self.testvm1.get_power_state(), "Running")
|
|
|
|
xterm_desktop_path = "/usr/share/applications/xterm.desktop"
|
|
|
|
# Debian has it different...
|
|
|
|
xterm_desktop_path_debian = \
|
|
|
|
"/usr/share/applications/debian-xterm.desktop"
|
|
|
|
if self.testvm1.run("test -r {}".format(xterm_desktop_path_debian),
|
|
|
|
wait=True) == 0:
|
|
|
|
xterm_desktop_path = xterm_desktop_path_debian
|
|
|
|
self.testvm1.run("qubes-desktop-run {}".format(xterm_desktop_path))
|
2015-10-30 14:09:52 +01:00
|
|
|
title = 'user@{}'.format(self.testvm1.name)
|
|
|
|
if self.template.count("whonix"):
|
|
|
|
title = 'user@host'
|
2015-10-27 23:16:37 +01:00
|
|
|
wait_count = 0
|
|
|
|
while subprocess.call(
|
2015-10-30 14:09:52 +01:00
|
|
|
['xdotool', 'search', '--name', title],
|
2015-10-27 23:16:37 +01:00
|
|
|
stdout=open(os.path.devnull, 'w'),
|
|
|
|
stderr=subprocess.STDOUT) > 0:
|
|
|
|
wait_count += 1
|
|
|
|
if wait_count > 100:
|
2015-10-30 14:09:52 +01:00
|
|
|
self.fail("Timeout while waiting for xterm window")
|
2015-10-27 23:16:37 +01:00
|
|
|
time.sleep(0.1)
|
|
|
|
|
|
|
|
time.sleep(0.5)
|
|
|
|
subprocess.check_call(
|
2015-10-30 14:09:52 +01:00
|
|
|
['xdotool', 'search', '--name', title,
|
2015-10-27 23:16:37 +01:00
|
|
|
'windowactivate', 'type', 'exit\n'])
|
|
|
|
|
2014-10-22 02:14:25 +02:00
|
|
|
wait_count = 0
|
2015-10-30 14:09:52 +01:00
|
|
|
while subprocess.call(['xdotool', 'search', '--name', title],
|
2015-07-07 21:41:54 +02:00
|
|
|
stdout=open(os.path.devnull, 'w'),
|
2014-10-22 02:14:25 +02:00
|
|
|
stderr=subprocess.STDOUT) == 0:
|
|
|
|
wait_count += 1
|
|
|
|
if wait_count > 100:
|
2015-10-30 14:09:52 +01:00
|
|
|
self.fail("Timeout while waiting for xterm "
|
2014-10-22 02:14:25 +02:00
|
|
|
"termination")
|
|
|
|
time.sleep(0.1)
|
|
|
|
|
2014-10-29 21:40:29 +01:00
|
|
|
def test_050_qrexec_simple_eof(self):
|
|
|
|
"""Test for data and EOF transmission dom0->VM"""
|
|
|
|
result = multiprocessing.Value('i', 0)
|
2015-07-07 21:41:54 +02:00
|
|
|
|
2014-10-29 21:40:29 +01:00
|
|
|
def run(self, result):
|
|
|
|
p = self.testvm1.run("cat", passio_popen=True,
|
2015-07-07 21:41:54 +02:00
|
|
|
passio_stderr=True)
|
2014-10-29 21:40:29 +01:00
|
|
|
|
|
|
|
(stdout, stderr) = p.communicate(TEST_DATA)
|
|
|
|
if stdout != TEST_DATA:
|
|
|
|
result.value = 1
|
|
|
|
if len(stderr) > 0:
|
|
|
|
result.value = 2
|
|
|
|
|
|
|
|
self.testvm1.start()
|
|
|
|
|
|
|
|
t = multiprocessing.Process(target=run, args=(self, result))
|
|
|
|
t.start()
|
|
|
|
t.join(timeout=10)
|
|
|
|
if t.is_alive():
|
|
|
|
t.terminate()
|
|
|
|
self.fail("Timeout, probably EOF wasn't transferred to the VM "
|
|
|
|
"process")
|
|
|
|
if result.value == 1:
|
|
|
|
self.fail("Received data differs from what was sent")
|
|
|
|
elif result.value == 2:
|
|
|
|
self.fail("Some data was printed to stderr")
|
|
|
|
|
2014-10-30 06:33:54 +01:00
|
|
|
def test_051_qrexec_simple_eof_reverse(self):
|
2014-10-29 21:40:29 +01:00
|
|
|
"""Test for EOF transmission VM->dom0"""
|
|
|
|
result = multiprocessing.Value('i', 0)
|
2015-07-07 21:41:54 +02:00
|
|
|
|
2014-10-29 21:40:29 +01:00
|
|
|
def run(self, result):
|
|
|
|
p = self.testvm1.run("echo test; exec >&-; cat > /dev/null",
|
|
|
|
passio_popen=True, passio_stderr=True)
|
|
|
|
# this will hang on test failure
|
|
|
|
stdout = p.stdout.read()
|
|
|
|
p.stdin.write(TEST_DATA)
|
|
|
|
p.stdin.close()
|
|
|
|
if stdout.strip() != "test":
|
|
|
|
result.value = 1
|
|
|
|
# this may hang in some buggy cases
|
|
|
|
elif len(p.stderr.read()) > 0:
|
|
|
|
result.value = 2
|
2015-02-19 03:54:57 +01:00
|
|
|
elif p.poll() is None:
|
|
|
|
time.sleep(1)
|
|
|
|
if p.poll() is None:
|
|
|
|
result.value = 3
|
2014-10-29 21:40:29 +01:00
|
|
|
|
|
|
|
self.testvm1.start()
|
|
|
|
|
|
|
|
t = multiprocessing.Process(target=run, args=(self, result))
|
|
|
|
t.start()
|
|
|
|
t.join(timeout=10)
|
|
|
|
if t.is_alive():
|
|
|
|
t.terminate()
|
|
|
|
self.fail("Timeout, probably EOF wasn't transferred from the VM "
|
|
|
|
"process")
|
|
|
|
if result.value == 1:
|
|
|
|
self.fail("Received data differs from what was expected")
|
|
|
|
elif result.value == 2:
|
|
|
|
self.fail("Some data was printed to stderr")
|
|
|
|
elif result.value == 3:
|
|
|
|
self.fail("VM proceess didn't terminated on EOF")
|
|
|
|
|
2014-10-30 06:33:54 +01:00
|
|
|
def test_052_qrexec_vm_service_eof(self):
|
|
|
|
"""Test for EOF transmission VM(src)->VM(dst)"""
|
|
|
|
result = multiprocessing.Value('i', 0)
|
2015-07-07 21:41:54 +02:00
|
|
|
|
2014-10-30 06:33:54 +01:00
|
|
|
def run(self, result):
|
|
|
|
p = self.testvm1.run("/usr/lib/qubes/qrexec-client-vm %s test.EOF "
|
|
|
|
"/bin/sh -c 'echo test; exec >&-; cat "
|
|
|
|
">&$SAVED_FD_1'" % self.testvm2.name,
|
|
|
|
passio_popen=True)
|
|
|
|
(stdout, stderr) = p.communicate()
|
|
|
|
if stdout != "test\n":
|
|
|
|
result.value = 1
|
|
|
|
|
|
|
|
self.testvm1.start()
|
|
|
|
self.testvm2.start()
|
|
|
|
p = self.testvm2.run("cat > /etc/qubes-rpc/test.EOF", user="root",
|
|
|
|
passio_popen=True)
|
|
|
|
p.stdin.write("/bin/cat")
|
|
|
|
p.stdin.close()
|
|
|
|
p.wait()
|
|
|
|
policy = open("/etc/qubes-rpc/policy/test.EOF", "w")
|
|
|
|
policy.write("%s %s allow" % (self.testvm1.name, self.testvm2.name))
|
|
|
|
policy.close()
|
|
|
|
self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.EOF")
|
|
|
|
|
|
|
|
t = multiprocessing.Process(target=run, args=(self, result))
|
|
|
|
t.start()
|
|
|
|
t.join(timeout=10)
|
|
|
|
if t.is_alive():
|
|
|
|
t.terminate()
|
|
|
|
self.fail("Timeout, probably EOF wasn't transferred")
|
|
|
|
if result.value == 1:
|
|
|
|
self.fail("Received data differs from what was expected")
|
|
|
|
|
2014-11-10 02:28:18 +01:00
|
|
|
@unittest.expectedFailure
|
2014-10-30 06:33:54 +01:00
|
|
|
def test_053_qrexec_vm_service_eof_reverse(self):
|
|
|
|
"""Test for EOF transmission VM(src)<-VM(dst)"""
|
|
|
|
result = multiprocessing.Value('i', 0)
|
2015-07-07 21:41:54 +02:00
|
|
|
|
2014-10-30 06:33:54 +01:00
|
|
|
def run(self, result):
|
|
|
|
p = self.testvm1.run("/usr/lib/qubes/qrexec-client-vm %s test.EOF "
|
|
|
|
"/bin/sh -c 'cat >&$SAVED_FD_1'"
|
2015-08-08 02:05:52 +02:00
|
|
|
% self.testvm2.name,
|
2014-10-30 06:33:54 +01:00
|
|
|
passio_popen=True)
|
|
|
|
(stdout, stderr) = p.communicate()
|
|
|
|
if stdout != "test\n":
|
|
|
|
result.value = 1
|
|
|
|
|
|
|
|
self.testvm1.start()
|
|
|
|
self.testvm2.start()
|
|
|
|
p = self.testvm2.run("cat > /etc/qubes-rpc/test.EOF", user="root",
|
|
|
|
passio_popen=True)
|
|
|
|
p.stdin.write("echo test; exec >&-; cat >/dev/null")
|
|
|
|
p.stdin.close()
|
|
|
|
p.wait()
|
|
|
|
policy = open("/etc/qubes-rpc/policy/test.EOF", "w")
|
|
|
|
policy.write("%s %s allow" % (self.testvm1.name, self.testvm2.name))
|
|
|
|
policy.close()
|
|
|
|
self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.EOF")
|
|
|
|
|
|
|
|
t = multiprocessing.Process(target=run, args=(self, result))
|
|
|
|
t.start()
|
|
|
|
t.join(timeout=10)
|
|
|
|
if t.is_alive():
|
|
|
|
t.terminate()
|
|
|
|
self.fail("Timeout, probably EOF wasn't transferred")
|
|
|
|
if result.value == 1:
|
|
|
|
self.fail("Received data differs from what was expected")
|
|
|
|
|
2015-08-08 02:06:03 +02:00
|
|
|
def test_055_qrexec_dom0_service_abort(self):
|
|
|
|
"""
|
|
|
|
Test if service abort (by dom0) is properly handled by source VM.
|
|
|
|
|
|
|
|
If "remote" part of the service terminates, the source part should
|
|
|
|
properly be notified. This includes closing its stdin (which is
|
|
|
|
already checked by test_053_qrexec_vm_service_eof_reverse), but also
|
|
|
|
its stdout - otherwise such service might hang on write(2) call.
|
|
|
|
"""
|
|
|
|
|
|
|
|
def run (src):
|
|
|
|
p = src.run("/usr/lib/qubes/qrexec-client-vm dom0 "
|
|
|
|
"test.Abort /bin/cat /dev/zero",
|
|
|
|
passio_popen=True)
|
|
|
|
|
|
|
|
p.communicate()
|
|
|
|
p.wait()
|
|
|
|
|
|
|
|
self.testvm1.start()
|
|
|
|
service = open("/etc/qubes-rpc/test.Abort", "w")
|
|
|
|
service.write("sleep 1")
|
|
|
|
service.close()
|
|
|
|
self.addCleanup(os.unlink, "/etc/qubes-rpc/test.Abort")
|
|
|
|
policy = open("/etc/qubes-rpc/policy/test.Abort", "w")
|
|
|
|
policy.write("%s dom0 allow" % (self.testvm1.name))
|
|
|
|
policy.close()
|
|
|
|
self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.Abort")
|
|
|
|
|
|
|
|
t = multiprocessing.Process(target=run, args=(self.testvm1,))
|
|
|
|
t.start()
|
|
|
|
t.join(timeout=10)
|
|
|
|
if t.is_alive():
|
|
|
|
t.terminate()
|
|
|
|
self.fail("Timeout, probably stdout wasn't closed")
|
|
|
|
|
|
|
|
|
2015-02-09 06:08:48 +01:00
|
|
|
def test_060_qrexec_exit_code_dom0(self):
|
|
|
|
self.testvm1.start()
|
|
|
|
|
|
|
|
p = self.testvm1.run("exit 0", passio_popen=True)
|
|
|
|
p.wait()
|
|
|
|
self.assertEqual(0, p.returncode)
|
|
|
|
|
|
|
|
p = self.testvm1.run("exit 3", passio_popen=True)
|
|
|
|
p.wait()
|
|
|
|
self.assertEqual(3, p.returncode)
|
|
|
|
|
|
|
|
@unittest.expectedFailure
|
|
|
|
def test_065_qrexec_exit_code_vm(self):
|
|
|
|
self.testvm1.start()
|
|
|
|
self.testvm2.start()
|
|
|
|
|
|
|
|
policy = open("/etc/qubes-rpc/policy/test.Retcode", "w")
|
|
|
|
policy.write("%s %s allow" % (self.testvm1.name, self.testvm2.name))
|
|
|
|
policy.close()
|
|
|
|
self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.Retcode")
|
|
|
|
|
|
|
|
p = self.testvm2.run("cat > /etc/qubes-rpc/test.Retcode", user="root",
|
|
|
|
passio_popen=True)
|
|
|
|
p.stdin.write("exit 0")
|
|
|
|
p.stdin.close()
|
|
|
|
p.wait()
|
|
|
|
|
|
|
|
p = self.testvm1.run("/usr/lib/qubes/qrexec-client-vm %s test.Retcode "
|
|
|
|
"/bin/sh -c 'cat >/dev/null'; echo $?"
|
|
|
|
% self.testvm1.name,
|
|
|
|
passio_popen=True)
|
|
|
|
(stdout, stderr) = p.communicate()
|
|
|
|
self.assertEqual(stdout, "0\n")
|
|
|
|
|
|
|
|
p = self.testvm2.run("cat > /etc/qubes-rpc/test.Retcode", user="root",
|
|
|
|
passio_popen=True)
|
|
|
|
p.stdin.write("exit 3")
|
|
|
|
p.stdin.close()
|
|
|
|
p.wait()
|
|
|
|
|
|
|
|
p = self.testvm1.run("/usr/lib/qubes/qrexec-client-vm %s test.Retcode "
|
|
|
|
"/bin/sh -c 'cat >/dev/null'; echo $?"
|
|
|
|
% self.testvm1.name,
|
|
|
|
passio_popen=True)
|
|
|
|
(stdout, stderr) = p.communicate()
|
|
|
|
self.assertEqual(stdout, "3\n")
|
|
|
|
|
2015-10-25 15:23:12 +01:00
|
|
|
def test_070_qrexec_vm_simultaneous_write(self):
|
|
|
|
"""Test for simultaneous write in VM(src)->VM(dst) connection
|
|
|
|
|
|
|
|
This is regression test for #1347
|
|
|
|
|
|
|
|
Check for deadlock when initially both sides writes a lot of data
|
|
|
|
(and not read anything). When one side starts reading, it should
|
|
|
|
get the data and the remote side should be possible to write then more.
|
|
|
|
There was a bug where remote side was waiting on write(2) and not
|
|
|
|
handling anything else.
|
|
|
|
"""
|
|
|
|
result = multiprocessing.Value('i', -1)
|
|
|
|
|
|
|
|
def run(self):
|
|
|
|
p = self.testvm1.run(
|
|
|
|
"/usr/lib/qubes/qrexec-client-vm %s test.write "
|
|
|
|
"/bin/sh -c '"
|
|
|
|
# first write a lot of data to fill all the buffers
|
|
|
|
"dd if=/dev/zero bs=993 count=10000 iflag=fullblock & "
|
|
|
|
# then after some time start reading
|
|
|
|
"sleep 1; "
|
|
|
|
"dd of=/dev/null bs=993 count=10000 iflag=fullblock; "
|
|
|
|
"wait"
|
|
|
|
"'" % self.testvm2.name, passio_popen=True)
|
|
|
|
p.communicate()
|
|
|
|
result.value = p.returncode
|
|
|
|
|
|
|
|
self.testvm1.start()
|
|
|
|
self.testvm2.start()
|
|
|
|
p = self.testvm2.run("cat > /etc/qubes-rpc/test.write", user="root",
|
|
|
|
passio_popen=True)
|
|
|
|
# first write a lot of data
|
|
|
|
p.stdin.write("dd if=/dev/zero bs=993 count=10000 iflag=fullblock\n")
|
|
|
|
# and only then read something
|
|
|
|
p.stdin.write("dd of=/dev/null bs=993 count=10000 iflag=fullblock\n")
|
|
|
|
p.stdin.close()
|
|
|
|
p.wait()
|
|
|
|
policy = open("/etc/qubes-rpc/policy/test.write", "w")
|
|
|
|
policy.write("%s %s allow" % (self.testvm1.name, self.testvm2.name))
|
|
|
|
policy.close()
|
|
|
|
self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.write")
|
|
|
|
|
|
|
|
t = multiprocessing.Process(target=run, args=(self,))
|
|
|
|
t.start()
|
|
|
|
t.join(timeout=10)
|
|
|
|
if t.is_alive():
|
|
|
|
t.terminate()
|
|
|
|
self.fail("Timeout, probably deadlock")
|
|
|
|
self.assertEqual(result.value, 0, "Service call failed")
|
|
|
|
|
|
|
|
def test_071_qrexec_dom0_simultaneous_write(self):
|
|
|
|
"""Test for simultaneous write in dom0(src)->VM(dst) connection
|
|
|
|
|
|
|
|
Similar to test_070_qrexec_vm_simultaneous_write, but with dom0
|
|
|
|
as a source.
|
|
|
|
"""
|
|
|
|
result = multiprocessing.Value('i', -1)
|
|
|
|
|
|
|
|
def run(self):
|
|
|
|
result.value = self.testvm2.run_service(
|
|
|
|
"test.write", localcmd="/bin/sh -c '"
|
|
|
|
# first write a lot of data to fill all the buffers
|
|
|
|
"dd if=/dev/zero bs=993 count=10000 iflag=fullblock & "
|
|
|
|
# then after some time start reading
|
|
|
|
"sleep 1; "
|
|
|
|
"dd of=/dev/null bs=993 count=10000 iflag=fullblock; "
|
|
|
|
"wait"
|
|
|
|
"'")
|
|
|
|
|
|
|
|
self.testvm2.start()
|
|
|
|
p = self.testvm2.run("cat > /etc/qubes-rpc/test.write", user="root",
|
|
|
|
passio_popen=True)
|
|
|
|
# first write a lot of data
|
|
|
|
p.stdin.write("dd if=/dev/zero bs=993 count=10000 iflag=fullblock\n")
|
|
|
|
# and only then read something
|
|
|
|
p.stdin.write("dd of=/dev/null bs=993 count=10000 iflag=fullblock\n")
|
|
|
|
p.stdin.close()
|
|
|
|
p.wait()
|
|
|
|
policy = open("/etc/qubes-rpc/policy/test.write", "w")
|
|
|
|
policy.write("%s %s allow" % (self.testvm1.name, self.testvm2.name))
|
|
|
|
policy.close()
|
|
|
|
self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.write")
|
|
|
|
|
|
|
|
t = multiprocessing.Process(target=run, args=(self,))
|
|
|
|
t.start()
|
|
|
|
t.join(timeout=10)
|
|
|
|
if t.is_alive():
|
|
|
|
t.terminate()
|
|
|
|
self.fail("Timeout, probably deadlock")
|
|
|
|
self.assertEqual(result.value, 0, "Service call failed")
|
|
|
|
|
|
|
|
def test_072_qrexec_to_dom0_simultaneous_write(self):
|
|
|
|
"""Test for simultaneous write in dom0(src)<-VM(dst) connection
|
|
|
|
|
|
|
|
Similar to test_071_qrexec_dom0_simultaneous_write, but with dom0
|
|
|
|
as a "hanging" side.
|
|
|
|
"""
|
|
|
|
result = multiprocessing.Value('i', -1)
|
|
|
|
|
|
|
|
def run(self):
|
|
|
|
result.value = self.testvm2.run_service(
|
|
|
|
"test.write", localcmd="/bin/sh -c '"
|
|
|
|
# first write a lot of data to fill all the buffers
|
|
|
|
"dd if=/dev/zero bs=993 count=10000 iflag=fullblock "
|
|
|
|
# then, only when all written, read something
|
|
|
|
"dd of=/dev/null bs=993 count=10000 iflag=fullblock; "
|
|
|
|
"'")
|
|
|
|
|
|
|
|
self.testvm2.start()
|
|
|
|
p = self.testvm2.run("cat > /etc/qubes-rpc/test.write", user="root",
|
|
|
|
passio_popen=True)
|
|
|
|
# first write a lot of data
|
|
|
|
p.stdin.write("dd if=/dev/zero bs=993 count=10000 iflag=fullblock &\n")
|
|
|
|
# and only then read something
|
|
|
|
p.stdin.write("dd of=/dev/null bs=993 count=10000 iflag=fullblock\n")
|
|
|
|
p.stdin.write("sleep 1; \n")
|
|
|
|
p.stdin.write("wait\n")
|
|
|
|
p.stdin.close()
|
|
|
|
p.wait()
|
|
|
|
policy = open("/etc/qubes-rpc/policy/test.write", "w")
|
|
|
|
policy.write("%s %s allow" % (self.testvm1.name, self.testvm2.name))
|
|
|
|
policy.close()
|
|
|
|
self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.write")
|
|
|
|
|
|
|
|
t = multiprocessing.Process(target=run, args=(self,))
|
|
|
|
t.start()
|
|
|
|
t.join(timeout=10)
|
|
|
|
if t.is_alive():
|
|
|
|
t.terminate()
|
|
|
|
self.fail("Timeout, probably deadlock")
|
|
|
|
self.assertEqual(result.value, 0, "Service call failed")
|
|
|
|
|
2014-10-22 02:14:25 +02:00
|
|
|
def test_100_qrexec_filecopy(self):
|
2014-10-29 21:38:54 +01:00
|
|
|
self.testvm1.start()
|
|
|
|
self.testvm2.start()
|
2016-03-27 19:25:17 +02:00
|
|
|
self.qrexec_policy('qubes.Filecopy', self.testvm1.name,
|
|
|
|
self.testvm2.name)
|
2014-10-29 21:38:54 +01:00
|
|
|
p = self.testvm1.run("qvm-copy-to-vm %s /etc/passwd" %
|
2015-07-07 21:41:54 +02:00
|
|
|
self.testvm2.name, passio_popen=True,
|
|
|
|
passio_stderr=True)
|
2014-10-22 02:14:25 +02:00
|
|
|
p.wait()
|
|
|
|
self.assertEqual(p.returncode, 0, "qvm-copy-to-vm failed: %s" %
|
|
|
|
p.stderr.read())
|
2014-10-29 21:38:54 +01:00
|
|
|
retcode = self.testvm2.run("diff /etc/passwd "
|
2015-07-07 21:41:54 +02:00
|
|
|
"/home/user/QubesIncoming/{}/passwd".format(
|
|
|
|
self.testvm1.name),
|
|
|
|
wait=True)
|
2014-10-22 02:14:25 +02:00
|
|
|
self.assertEqual(retcode, 0, "file differs")
|
|
|
|
|
2015-12-28 01:07:48 +01:00
|
|
|
def test_101_qrexec_filecopy_with_autostart(self):
|
|
|
|
self.testvm1.start()
|
2016-03-27 19:25:17 +02:00
|
|
|
self.qrexec_policy('qubes.Filecopy', self.testvm1.name,
|
|
|
|
self.testvm2.name)
|
2015-12-28 01:07:48 +01:00
|
|
|
p = self.testvm1.run("qvm-copy-to-vm %s /etc/passwd" %
|
|
|
|
self.testvm2.name, passio_popen=True,
|
|
|
|
passio_stderr=True)
|
|
|
|
p.wait()
|
|
|
|
self.assertEqual(p.returncode, 0, "qvm-copy-to-vm failed: %s" %
|
|
|
|
p.stderr.read())
|
2016-01-07 02:55:20 +01:00
|
|
|
# workaround for libvirt bug (domain ID isn't updated when is started
|
|
|
|
# from other application) - details in
|
|
|
|
# QubesOS/qubes-core-libvirt@63ede4dfb4485c4161dd6a2cc809e8fb45ca664f
|
|
|
|
self.testvm2._libvirt_domain = None
|
2015-12-28 01:07:48 +01:00
|
|
|
self.assertTrue(self.testvm2.is_running())
|
|
|
|
retcode = self.testvm2.run("diff /etc/passwd "
|
|
|
|
"/home/user/QubesIncoming/{}/passwd".format(
|
|
|
|
self.testvm1.name),
|
|
|
|
wait=True)
|
|
|
|
self.assertEqual(retcode, 0, "file differs")
|
|
|
|
|
2014-10-22 02:14:25 +02:00
|
|
|
def test_110_qrexec_filecopy_deny(self):
|
2014-10-29 21:38:54 +01:00
|
|
|
self.testvm1.start()
|
|
|
|
self.testvm2.start()
|
2016-03-27 19:25:17 +02:00
|
|
|
self.qrexec_policy('qubes.Filecopy', self.testvm1.name,
|
|
|
|
self.testvm2.name, allow=False)
|
2014-10-29 21:38:54 +01:00
|
|
|
p = self.testvm1.run("qvm-copy-to-vm %s /etc/passwd" %
|
2015-07-07 21:41:54 +02:00
|
|
|
self.testvm2.name, passio_popen=True)
|
2014-10-22 02:14:25 +02:00
|
|
|
p.wait()
|
2015-02-09 06:08:48 +01:00
|
|
|
self.assertNotEqual(p.returncode, 0, "qvm-copy-to-vm unexpectedly "
|
2015-07-07 21:41:54 +02:00
|
|
|
"succeeded")
|
2014-10-29 21:38:54 +01:00
|
|
|
retcode = self.testvm1.run("ls /home/user/QubesIncoming/%s" %
|
2015-07-07 21:41:54 +02:00
|
|
|
self.testvm1.name, wait=True,
|
|
|
|
ignore_stderr=True)
|
2015-02-09 06:08:48 +01:00
|
|
|
self.assertNotEqual(retcode, 0, "QubesIncoming exists although file "
|
2015-07-07 21:41:54 +02:00
|
|
|
"copy was denied")
|
2014-10-29 21:38:54 +01:00
|
|
|
|
2015-02-09 22:09:15 +01:00
|
|
|
@unittest.skip("Xen gntalloc driver crashes when page is mapped in the "
|
|
|
|
"same domain")
|
2014-10-29 21:38:54 +01:00
|
|
|
def test_120_qrexec_filecopy_self(self):
|
|
|
|
self.testvm1.start()
|
2016-03-27 19:25:17 +02:00
|
|
|
self.qrexec_policy('qubes.Filecopy', self.testvm1.name,
|
|
|
|
self.testvm1.name)
|
2014-10-29 21:38:54 +01:00
|
|
|
p = self.testvm1.run("qvm-copy-to-vm %s /etc/passwd" %
|
2015-07-07 21:41:54 +02:00
|
|
|
self.testvm1.name, passio_popen=True,
|
|
|
|
passio_stderr=True)
|
2014-10-29 21:38:54 +01:00
|
|
|
p.wait()
|
|
|
|
self.assertEqual(p.returncode, 0, "qvm-copy-to-vm failed: %s" %
|
|
|
|
p.stderr.read())
|
2015-07-07 21:41:54 +02:00
|
|
|
retcode = self.testvm1.run(
|
|
|
|
"diff /etc/passwd /home/user/QubesIncoming/{}/passwd".format(
|
|
|
|
self.testvm1.name),
|
|
|
|
wait=True)
|
2014-10-29 21:38:54 +01:00
|
|
|
self.assertEqual(retcode, 0, "file differs")
|
|
|
|
|
2015-11-25 01:19:42 +01:00
|
|
|
@unittest.skipUnless(spawn.find_executable('xdotool'),
|
|
|
|
"xdotool not installed")
|
|
|
|
def test_130_qrexec_filemove_disk_full(self):
|
|
|
|
self.testvm1.start()
|
|
|
|
self.testvm2.start()
|
2016-03-27 19:25:17 +02:00
|
|
|
self.qrexec_policy('qubes.Filecopy', self.testvm1.name,
|
|
|
|
self.testvm2.name)
|
2015-11-25 01:19:42 +01:00
|
|
|
# Prepare test file
|
|
|
|
prepare_cmd = ("yes teststring | dd of=testfile bs=1M "
|
|
|
|
"count=50 iflag=fullblock")
|
|
|
|
retcode = self.testvm1.run(prepare_cmd, wait=True)
|
|
|
|
if retcode != 0:
|
|
|
|
raise RuntimeError("Failed '{}' in {}".format(prepare_cmd,
|
|
|
|
self.testvm1.name))
|
|
|
|
# Prepare target directory with limited size
|
|
|
|
prepare_cmd = (
|
|
|
|
"mkdir -p /home/user/QubesIncoming && "
|
|
|
|
"chown user /home/user/QubesIncoming && "
|
|
|
|
"mount -t tmpfs none /home/user/QubesIncoming -o size=48M"
|
|
|
|
)
|
|
|
|
retcode = self.testvm2.run(prepare_cmd, user="root", wait=True)
|
|
|
|
if retcode != 0:
|
|
|
|
raise RuntimeError("Failed '{}' in {}".format(prepare_cmd,
|
|
|
|
self.testvm2.name))
|
|
|
|
p = self.testvm1.run("qvm-move-to-vm %s testfile" %
|
|
|
|
self.testvm2.name, passio_popen=True,
|
|
|
|
passio_stderr=True)
|
|
|
|
# Close GUI error message
|
|
|
|
self.enter_keys_in_window('Error', ['Return'])
|
|
|
|
p.wait()
|
2016-01-07 02:20:07 +01:00
|
|
|
self.assertNotEqual(p.returncode, 0, "qvm-move-to-vm should fail")
|
2015-11-25 01:19:42 +01:00
|
|
|
retcode = self.testvm1.run("test -f testfile", wait=True)
|
|
|
|
self.assertEqual(retcode, 0, "testfile should not be deleted in "
|
|
|
|
"source VM")
|
|
|
|
|
2015-06-27 04:47:27 +02:00
|
|
|
def test_200_timezone(self):
|
|
|
|
"""Test whether timezone setting is properly propagated to the VM"""
|
|
|
|
if "whonix" in self.template:
|
2015-06-27 05:05:34 +02:00
|
|
|
self.skipTest("Timezone propagation disabled on Whonix templates")
|
2015-06-27 04:47:27 +02:00
|
|
|
|
|
|
|
self.testvm1.start()
|
|
|
|
(vm_tz, _) = self.testvm1.run("date +%Z",
|
|
|
|
passio_popen=True).communicate()
|
|
|
|
(dom0_tz, _) = subprocess.Popen(["date", "+%Z"],
|
|
|
|
stdout=subprocess.PIPE).communicate()
|
|
|
|
self.assertEqual(vm_tz.strip(), dom0_tz.strip())
|
|
|
|
|
|
|
|
# Check if reverting back to UTC works
|
|
|
|
(vm_tz, _) = self.testvm1.run("TZ=UTC date +%Z",
|
|
|
|
passio_popen=True).communicate()
|
|
|
|
self.assertEqual(vm_tz.strip(), "UTC")
|
|
|
|
|
2015-07-08 01:21:13 +02:00
|
|
|
def test_210_time_sync(self):
|
|
|
|
"""Test time synchronization mechanism"""
|
|
|
|
self.testvm1.start()
|
|
|
|
self.testvm2.start()
|
|
|
|
(start_time, _) = subprocess.Popen(["date", "-u", "+%s"],
|
|
|
|
stdout=subprocess.PIPE).communicate()
|
2015-11-03 02:46:03 +01:00
|
|
|
original_clockvm = self.qc.get_clockvm_vm()
|
|
|
|
if original_clockvm:
|
|
|
|
original_clockvm_name = original_clockvm.name
|
|
|
|
else:
|
|
|
|
original_clockvm_name = "none"
|
2015-07-08 01:21:13 +02:00
|
|
|
try:
|
|
|
|
# use qubes-prefs to not hassle with qubes.xml locking
|
|
|
|
subprocess.check_call(["qubes-prefs", "-s", "clockvm",
|
|
|
|
self.testvm1.name])
|
|
|
|
# break vm and dom0 time, to check if qvm-sync-clock would fix it
|
|
|
|
subprocess.check_call(["sudo", "date", "-s",
|
|
|
|
"2001-01-01T12:34:56"],
|
|
|
|
stdout=open(os.devnull, 'w'))
|
|
|
|
retcode = self.testvm1.run("date -s 2001-01-01T12:34:56",
|
|
|
|
user="root", wait=True)
|
|
|
|
self.assertEquals(retcode, 0, "Failed to break the VM(1) time")
|
|
|
|
retcode = self.testvm2.run("date -s 2001-01-01T12:34:56",
|
|
|
|
user="root", wait=True)
|
|
|
|
self.assertEquals(retcode, 0, "Failed to break the VM(2) time")
|
|
|
|
retcode = subprocess.call(["qvm-sync-clock"])
|
|
|
|
self.assertEquals(retcode, 0,
|
|
|
|
"qvm-sync-clock failed with code {}".
|
|
|
|
format(retcode))
|
2016-02-23 16:20:18 +01:00
|
|
|
# qvm-sync-clock is asynchronous - it spawns qubes.SetDateTime
|
|
|
|
# service, send it timestamp value and exists without waiting for
|
|
|
|
# actual time set
|
|
|
|
time.sleep(1)
|
2015-07-08 01:21:13 +02:00
|
|
|
(vm_time, _) = self.testvm1.run("date -u +%s",
|
|
|
|
passio_popen=True).communicate()
|
2015-11-10 17:19:30 +01:00
|
|
|
self.assertAlmostEquals(int(vm_time), int(start_time), delta=30)
|
2015-07-08 01:21:13 +02:00
|
|
|
(vm_time, _) = self.testvm2.run("date -u +%s",
|
|
|
|
passio_popen=True).communicate()
|
2015-11-10 17:19:30 +01:00
|
|
|
self.assertAlmostEquals(int(vm_time), int(start_time), delta=30)
|
2015-07-08 01:21:13 +02:00
|
|
|
(dom0_time, _) = subprocess.Popen(["date", "-u", "+%s"],
|
|
|
|
stdout=subprocess.PIPE
|
|
|
|
).communicate()
|
2015-11-03 02:46:03 +01:00
|
|
|
self.assertAlmostEquals(int(dom0_time), int(start_time), delta=30)
|
2015-07-08 01:21:13 +02:00
|
|
|
|
|
|
|
except:
|
|
|
|
# reset time to some approximation of the real time
|
|
|
|
subprocess.Popen(["sudo", "date", "-u", "-s", "@" + start_time])
|
|
|
|
raise
|
|
|
|
finally:
|
|
|
|
subprocess.call(["qubes-prefs", "-s", "clockvm",
|
|
|
|
original_clockvm_name])
|
|
|
|
|
2015-11-07 04:22:03 +01:00
|
|
|
def test_250_resize_private_img(self):
|
|
|
|
"""
|
|
|
|
Test private.img resize, both offline and online
|
|
|
|
:return:
|
|
|
|
"""
|
|
|
|
# First offline test
|
|
|
|
self.testvm1.resize_private_img(4*1024**3)
|
|
|
|
self.testvm1.start()
|
2015-11-25 03:15:23 +01:00
|
|
|
df_cmd = '( df --output=size /rw || df /rw | awk \'{print $2}\' )|' \
|
|
|
|
'tail -n 1'
|
|
|
|
p = self.testvm1.run(df_cmd,
|
2015-11-07 04:22:03 +01:00
|
|
|
passio_popen=True)
|
|
|
|
# new_size in 1k-blocks
|
|
|
|
(new_size, _) = p.communicate()
|
|
|
|
# some safety margin for FS metadata
|
|
|
|
self.assertGreater(int(new_size.strip()), 3.8*1024**2)
|
|
|
|
# Then online test
|
|
|
|
self.testvm1.resize_private_img(6*1024**3)
|
2015-11-25 03:15:23 +01:00
|
|
|
p = self.testvm1.run(df_cmd,
|
2015-11-07 04:22:03 +01:00
|
|
|
passio_popen=True)
|
|
|
|
# new_size in 1k-blocks
|
|
|
|
(new_size, _) = p.communicate()
|
|
|
|
# some safety margin for FS metadata
|
|
|
|
self.assertGreater(int(new_size.strip()), 5.8*1024**2)
|
|
|
|
|
|
|
|
class TC_05_StandaloneVM(qubes.tests.SystemTestsMixin, qubes.tests.QubesTestCase):
|
|
|
|
def test_000_create_start(self):
|
|
|
|
testvm1 = self.qc.add_new_vm("QubesAppVm",
|
|
|
|
template=None,
|
|
|
|
name=self.make_vm_name('vm1'))
|
|
|
|
testvm1.create_on_disk(verbose=False,
|
|
|
|
source_template=self.qc.get_default_template())
|
|
|
|
self.qc.save()
|
|
|
|
self.qc.unlock_db()
|
|
|
|
testvm1.start()
|
|
|
|
self.assertEquals(testvm1.get_power_state(), "Running")
|
|
|
|
|
|
|
|
def test_100_resize_root_img(self):
|
|
|
|
testvm1 = self.qc.add_new_vm("QubesAppVm",
|
|
|
|
template=None,
|
|
|
|
name=self.make_vm_name('vm1'))
|
|
|
|
testvm1.create_on_disk(verbose=False,
|
|
|
|
source_template=self.qc.get_default_template())
|
|
|
|
self.qc.save()
|
|
|
|
self.qc.unlock_db()
|
2015-12-26 04:10:20 +01:00
|
|
|
with self.assertRaises(QubesException):
|
|
|
|
testvm1.resize_root_img(20*1024**3)
|
|
|
|
testvm1.resize_root_img(20*1024**3, allow_start=True)
|
2015-11-07 04:22:03 +01:00
|
|
|
timeout = 60
|
|
|
|
while testvm1.is_running():
|
|
|
|
time.sleep(1)
|
|
|
|
timeout -= 1
|
|
|
|
if timeout == 0:
|
|
|
|
self.fail("Timeout while waiting for VM shutdown")
|
|
|
|
self.assertEquals(testvm1.get_root_img_sz(), 20*1024**3)
|
|
|
|
testvm1.start()
|
|
|
|
p = testvm1.run('df --output=size /|tail -n 1',
|
|
|
|
passio_popen=True)
|
|
|
|
# new_size in 1k-blocks
|
|
|
|
(new_size, _) = p.communicate()
|
|
|
|
# some safety margin for FS metadata
|
|
|
|
self.assertGreater(int(new_size.strip()), 19*1024**2)
|
|
|
|
|
2015-02-05 15:46:40 +01:00
|
|
|
|
2015-02-11 14:26:29 +01:00
|
|
|
class TC_10_HVM(qubes.tests.SystemTestsMixin, qubes.tests.QubesTestCase):
|
2015-02-09 06:18:57 +01:00
|
|
|
# TODO: test with some OS inside
|
|
|
|
# TODO: windows tools tests
|
|
|
|
|
|
|
|
def test_000_create_start(self):
|
2015-07-07 21:41:54 +02:00
|
|
|
testvm1 = self.qc.add_new_vm("QubesHVm",
|
|
|
|
name=self.make_vm_name('vm1'))
|
|
|
|
testvm1.create_on_disk(verbose=False)
|
2015-02-05 15:46:40 +01:00
|
|
|
self.qc.save()
|
2015-03-19 23:15:30 +01:00
|
|
|
self.qc.unlock_db()
|
2015-07-07 21:41:54 +02:00
|
|
|
testvm1.start()
|
|
|
|
self.assertEquals(testvm1.get_power_state(), "Running")
|
2015-02-09 06:18:57 +01:00
|
|
|
|
|
|
|
def test_010_create_start_template(self):
|
2015-07-07 21:41:54 +02:00
|
|
|
templatevm = self.qc.add_new_vm("QubesTemplateHVm",
|
|
|
|
name=self.make_vm_name('template'))
|
|
|
|
templatevm.create_on_disk(verbose=False)
|
2015-03-19 23:15:30 +01:00
|
|
|
self.qc.save()
|
|
|
|
self.qc.unlock_db()
|
2015-02-09 06:18:57 +01:00
|
|
|
|
2015-07-07 21:41:54 +02:00
|
|
|
templatevm.start()
|
|
|
|
self.assertEquals(templatevm.get_power_state(), "Running")
|
2015-02-09 06:18:57 +01:00
|
|
|
|
|
|
|
def test_020_create_start_template_vm(self):
|
2015-07-07 21:41:54 +02:00
|
|
|
templatevm = self.qc.add_new_vm("QubesTemplateHVm",
|
|
|
|
name=self.make_vm_name('template'))
|
|
|
|
templatevm.create_on_disk(verbose=False)
|
|
|
|
testvm2 = self.qc.add_new_vm("QubesHVm",
|
|
|
|
name=self.make_vm_name('vm2'),
|
|
|
|
template=templatevm)
|
|
|
|
testvm2.create_on_disk(verbose=False)
|
2015-02-05 15:46:40 +01:00
|
|
|
self.qc.save()
|
2015-03-19 23:15:30 +01:00
|
|
|
self.qc.unlock_db()
|
2015-02-09 06:18:57 +01:00
|
|
|
|
2015-07-07 21:41:54 +02:00
|
|
|
testvm2.start()
|
|
|
|
self.assertEquals(testvm2.get_power_state(), "Running")
|
2015-02-09 06:18:57 +01:00
|
|
|
|
|
|
|
def test_030_prevent_simultaneus_start(self):
|
2015-07-07 21:41:54 +02:00
|
|
|
templatevm = self.qc.add_new_vm("QubesTemplateHVm",
|
|
|
|
name=self.make_vm_name('template'))
|
|
|
|
templatevm.create_on_disk(verbose=False)
|
|
|
|
testvm2 = self.qc.add_new_vm("QubesHVm",
|
|
|
|
name=self.make_vm_name('vm2'),
|
|
|
|
template=templatevm)
|
|
|
|
testvm2.create_on_disk(verbose=False)
|
2015-02-05 15:46:40 +01:00
|
|
|
self.qc.save()
|
2015-03-19 23:15:30 +01:00
|
|
|
self.qc.unlock_db()
|
2015-02-09 06:18:57 +01:00
|
|
|
|
2015-07-07 21:41:54 +02:00
|
|
|
templatevm.start()
|
|
|
|
self.assertEquals(templatevm.get_power_state(), "Running")
|
|
|
|
self.assertRaises(QubesException, testvm2.start)
|
|
|
|
templatevm.force_shutdown()
|
|
|
|
testvm2.start()
|
|
|
|
self.assertEquals(testvm2.get_power_state(), "Running")
|
|
|
|
self.assertRaises(QubesException, templatevm.start)
|
2015-02-09 06:18:57 +01:00
|
|
|
|
2015-11-07 04:22:03 +01:00
|
|
|
def test_100_resize_root_img(self):
|
|
|
|
testvm1 = self.qc.add_new_vm("QubesHVm",
|
|
|
|
name=self.make_vm_name('vm1'))
|
|
|
|
testvm1.create_on_disk(verbose=False)
|
|
|
|
self.qc.save()
|
|
|
|
self.qc.unlock_db()
|
|
|
|
testvm1.resize_root_img(30*1024**3)
|
|
|
|
self.assertEquals(testvm1.get_root_img_sz(), 30*1024**3)
|
|
|
|
testvm1.start()
|
|
|
|
self.assertEquals(testvm1.get_power_state(), "Running")
|
|
|
|
# TODO: launch some OS there and check the size
|
2015-02-09 06:18:57 +01:00
|
|
|
|
2015-03-22 01:40:50 +01:00
|
|
|
class TC_20_DispVMMixin(qubes.tests.SystemTestsMixin):
|
2014-11-10 11:42:30 +01:00
|
|
|
def test_000_prepare_dvm(self):
|
2015-02-05 15:46:40 +01:00
|
|
|
self.qc.unlock_db()
|
2014-11-10 11:42:30 +01:00
|
|
|
retcode = subprocess.call(['/usr/bin/qvm-create-default-dvm',
|
2015-03-22 01:40:50 +01:00
|
|
|
self.template],
|
2014-11-10 11:42:30 +01:00
|
|
|
stderr=open(os.devnull, 'w'))
|
|
|
|
self.assertEqual(retcode, 0)
|
2015-02-05 15:46:40 +01:00
|
|
|
self.qc.lock_db_for_writing()
|
2014-11-10 11:42:30 +01:00
|
|
|
self.qc.load()
|
|
|
|
self.assertIsNotNone(self.qc.get_vm_by_name(
|
2015-03-22 01:40:50 +01:00
|
|
|
self.template + "-dvm"))
|
2014-11-10 11:42:30 +01:00
|
|
|
# TODO: check mtime of snapshot file
|
|
|
|
|
|
|
|
def test_010_simple_dvm_run(self):
|
2015-02-05 15:46:40 +01:00
|
|
|
self.qc.unlock_db()
|
2014-11-10 11:42:30 +01:00
|
|
|
p = subprocess.Popen(['/usr/lib/qubes/qfile-daemon-dvm',
|
|
|
|
'qubes.VMShell', 'dom0', 'DEFAULT'],
|
|
|
|
stdin=subprocess.PIPE,
|
|
|
|
stdout=subprocess.PIPE,
|
|
|
|
stderr=open(os.devnull, 'w'))
|
|
|
|
(stdout, _) = p.communicate(input="echo test")
|
|
|
|
self.assertEqual(stdout, "test\n")
|
|
|
|
# TODO: check if DispVM is destroyed
|
|
|
|
|
2015-03-19 23:17:34 +01:00
|
|
|
@unittest.skipUnless(spawn.find_executable('xdotool'),
|
|
|
|
"xdotool not installed")
|
2014-11-10 11:42:30 +01:00
|
|
|
def test_020_gui_app(self):
|
2015-02-05 15:46:40 +01:00
|
|
|
self.qc.unlock_db()
|
2014-11-10 11:42:30 +01:00
|
|
|
p = subprocess.Popen(['/usr/lib/qubes/qfile-daemon-dvm',
|
|
|
|
'qubes.VMShell', 'dom0', 'DEFAULT'],
|
|
|
|
stdin=subprocess.PIPE,
|
|
|
|
stdout=subprocess.PIPE,
|
|
|
|
stderr=open(os.devnull, 'w'))
|
2015-02-05 15:46:40 +01:00
|
|
|
|
2014-11-10 11:42:30 +01:00
|
|
|
# wait for DispVM startup:
|
|
|
|
p.stdin.write("echo test\n")
|
|
|
|
p.stdin.flush()
|
|
|
|
l = p.stdout.readline()
|
|
|
|
self.assertEqual(l, "test\n")
|
2015-02-05 15:46:40 +01:00
|
|
|
|
2014-11-10 11:42:30 +01:00
|
|
|
# potential race condition, but our tests are supposed to be
|
|
|
|
# running on dedicated machine, so should not be a problem
|
|
|
|
self.qc.lock_db_for_reading()
|
|
|
|
self.qc.load()
|
|
|
|
self.qc.unlock_db()
|
2015-02-05 15:46:40 +01:00
|
|
|
|
2014-11-10 11:42:30 +01:00
|
|
|
max_qid = 0
|
|
|
|
for vm in self.qc.values():
|
|
|
|
if not vm.is_disposablevm():
|
|
|
|
continue
|
|
|
|
if vm.qid > max_qid:
|
|
|
|
max_qid = vm.qid
|
|
|
|
dispvm = self.qc[max_qid]
|
|
|
|
self.assertNotEqual(dispvm.qid, 0, "DispVM not found in qubes.xml")
|
|
|
|
self.assertTrue(dispvm.is_running())
|
2015-11-07 18:46:54 +01:00
|
|
|
try:
|
|
|
|
window_title = 'user@%s' % (dispvm.template.name + "-dvm")
|
2015-11-14 23:50:24 +01:00
|
|
|
p.stdin.write("xterm -e "
|
2015-11-25 01:18:05 +01:00
|
|
|
"\"sh -s -c 'echo \\\"\033]0;{}\007\\\";read x;'\"\n".
|
2015-11-07 18:46:54 +01:00
|
|
|
format(window_title))
|
2015-11-14 23:50:24 +01:00
|
|
|
self.wait_for_window(window_title)
|
2015-11-07 18:46:54 +01:00
|
|
|
|
|
|
|
time.sleep(0.5)
|
2015-11-25 01:18:05 +01:00
|
|
|
self.enter_keys_in_window(window_title, ['Return'])
|
|
|
|
# Wait for window to close
|
|
|
|
self.wait_for_window(window_title, show=False)
|
2015-11-07 18:46:54 +01:00
|
|
|
finally:
|
|
|
|
p.stdin.close()
|
2014-11-10 11:42:30 +01:00
|
|
|
|
|
|
|
wait_count = 0
|
|
|
|
while dispvm.is_running():
|
|
|
|
wait_count += 1
|
|
|
|
if wait_count > 100:
|
|
|
|
self.fail("Timeout while waiting for DispVM destruction")
|
|
|
|
time.sleep(0.1)
|
|
|
|
wait_count = 0
|
|
|
|
while p.poll() is None:
|
|
|
|
wait_count += 1
|
|
|
|
if wait_count > 100:
|
|
|
|
self.fail("Timeout while waiting for qfile-daemon-dvm "
|
|
|
|
"termination")
|
|
|
|
time.sleep(0.1)
|
|
|
|
self.assertEqual(p.returncode, 0)
|
|
|
|
|
|
|
|
self.qc.lock_db_for_reading()
|
|
|
|
self.qc.load()
|
|
|
|
self.qc.unlock_db()
|
|
|
|
self.assertIsNone(self.qc.get_vm_by_name(dispvm.name),
|
|
|
|
"DispVM not removed from qubes.xml")
|
|
|
|
|
2015-03-30 16:18:09 +02:00
|
|
|
def _handle_editor(self, winid):
|
|
|
|
(window_title, _) = subprocess.Popen(
|
|
|
|
['xdotool', 'getwindowname', winid], stdout=subprocess.PIPE).\
|
|
|
|
communicate()
|
|
|
|
window_title = window_title.strip().\
|
|
|
|
replace('(', '\(').replace(')', '\)')
|
|
|
|
time.sleep(1)
|
|
|
|
if "gedit" in window_title:
|
|
|
|
subprocess.check_call(['xdotool', 'search', '--name', window_title,
|
|
|
|
'windowactivate', 'type', 'test test 2\n'])
|
|
|
|
time.sleep(0.5)
|
|
|
|
subprocess.check_call(['xdotool', 'search', '--name', window_title,
|
|
|
|
'key', 'ctrl+s', 'ctrl+q'])
|
|
|
|
elif "emacs" in window_title:
|
|
|
|
subprocess.check_call(['xdotool', 'search', '--name', window_title,
|
|
|
|
'windowactivate', 'type', 'test test 2\n'])
|
|
|
|
time.sleep(0.5)
|
|
|
|
subprocess.check_call(['xdotool', 'search', '--name', window_title,
|
|
|
|
'key', 'ctrl+x', 'ctrl+s'])
|
|
|
|
subprocess.check_call(['xdotool', 'search', '--name', window_title,
|
|
|
|
'key', 'ctrl+x', 'ctrl+c'])
|
|
|
|
elif "vim" in window_title:
|
|
|
|
subprocess.check_call(['xdotool', 'search', '--name', window_title,
|
|
|
|
'windowactivate', 'key', 'i',
|
|
|
|
'type', 'test test 2\n'])
|
|
|
|
subprocess.check_call(
|
|
|
|
['xdotool', 'search', '--name', window_title,
|
|
|
|
'key', 'Escape', 'colon', 'w', 'q', 'Return'])
|
|
|
|
else:
|
|
|
|
self.fail("Unknown editor window: {}".format(window_title))
|
|
|
|
|
2015-03-19 23:17:34 +01:00
|
|
|
@unittest.skipUnless(spawn.find_executable('xdotool'),
|
|
|
|
"xdotool not installed")
|
2014-11-10 11:42:30 +01:00
|
|
|
def test_030_edit_file(self):
|
2015-07-07 21:41:54 +02:00
|
|
|
testvm1 = self.qc.add_new_vm("QubesAppVm",
|
|
|
|
name=self.make_vm_name('vm1'),
|
|
|
|
template=self.qc.get_vm_by_name(
|
|
|
|
self.template))
|
|
|
|
testvm1.create_on_disk(verbose=False)
|
2014-11-10 11:42:30 +01:00
|
|
|
self.qc.save()
|
|
|
|
|
2015-07-07 21:41:54 +02:00
|
|
|
testvm1.start()
|
|
|
|
testvm1.run("echo test1 > /home/user/test.txt", wait=True)
|
2015-02-05 15:46:40 +01:00
|
|
|
|
|
|
|
self.qc.unlock_db()
|
2015-07-07 21:41:54 +02:00
|
|
|
p = testvm1.run("qvm-open-in-dvm /home/user/test.txt",
|
|
|
|
passio_popen=True)
|
2014-11-10 11:42:30 +01:00
|
|
|
|
|
|
|
wait_count = 0
|
2015-03-30 16:18:09 +02:00
|
|
|
winid = None
|
|
|
|
while True:
|
|
|
|
search = subprocess.Popen(['xdotool', 'search',
|
|
|
|
'--onlyvisible', '--class', 'disp*'],
|
2015-07-07 21:41:54 +02:00
|
|
|
stdout=subprocess.PIPE,
|
|
|
|
stderr=open(os.path.devnull, 'w'))
|
2015-03-30 16:18:09 +02:00
|
|
|
retcode = search.wait()
|
|
|
|
if retcode == 0:
|
|
|
|
winid = search.stdout.read().strip()
|
|
|
|
break
|
2014-11-10 11:42:30 +01:00
|
|
|
wait_count += 1
|
|
|
|
if wait_count > 100:
|
|
|
|
self.fail("Timeout while waiting for editor window")
|
|
|
|
time.sleep(0.3)
|
|
|
|
|
2015-03-30 16:18:09 +02:00
|
|
|
self._handle_editor(winid)
|
2014-11-10 11:42:30 +01:00
|
|
|
p.wait()
|
2015-07-07 21:41:54 +02:00
|
|
|
p = testvm1.run("cat /home/user/test.txt",
|
|
|
|
passio_popen=True)
|
2014-11-10 11:42:30 +01:00
|
|
|
(test_txt_content, _) = p.communicate()
|
2015-02-09 06:17:43 +01:00
|
|
|
self.assertEqual(test_txt_content, "test test 2\ntest1\n")
|
2014-11-10 11:42:30 +01:00
|
|
|
|
2015-07-07 21:41:54 +02:00
|
|
|
|
2015-03-31 05:12:40 +02:00
|
|
|
class TC_30_Gui_daemon(qubes.tests.SystemTestsMixin, qubes.tests.QubesTestCase):
|
|
|
|
@unittest.skipUnless(spawn.find_executable('xdotool'),
|
|
|
|
"xdotool not installed")
|
|
|
|
def test_000_clipboard(self):
|
2015-07-07 21:41:54 +02:00
|
|
|
testvm1 = self.qc.add_new_vm("QubesAppVm",
|
|
|
|
name=self.make_vm_name('vm1'),
|
|
|
|
template=self.qc.get_default_template())
|
|
|
|
testvm1.create_on_disk(verbose=False)
|
|
|
|
testvm2 = self.qc.add_new_vm("QubesAppVm",
|
|
|
|
name=self.make_vm_name('vm2'),
|
|
|
|
template=self.qc.get_default_template())
|
|
|
|
testvm2.create_on_disk(verbose=False)
|
2015-03-31 05:12:40 +02:00
|
|
|
self.qc.save()
|
|
|
|
self.qc.unlock_db()
|
|
|
|
|
2015-07-07 21:41:54 +02:00
|
|
|
testvm1.start()
|
|
|
|
testvm2.start()
|
2015-03-31 05:12:40 +02:00
|
|
|
|
2015-07-07 21:41:54 +02:00
|
|
|
window_title = 'user@{}'.format(testvm1.name)
|
|
|
|
testvm1.run('zenity --text-info --editable --title={}'.format(
|
2015-03-31 05:12:40 +02:00
|
|
|
window_title))
|
|
|
|
|
2015-11-03 02:43:46 +01:00
|
|
|
self.wait_for_window(window_title)
|
2015-03-31 05:12:40 +02:00
|
|
|
time.sleep(0.5)
|
2015-07-07 21:41:54 +02:00
|
|
|
test_string = "test{}".format(testvm1.xid)
|
2015-03-31 05:12:40 +02:00
|
|
|
|
|
|
|
# Type and copy some text
|
|
|
|
subprocess.check_call(['xdotool', 'search', '--name', window_title,
|
2015-07-07 21:41:54 +02:00
|
|
|
'windowactivate',
|
|
|
|
'type', '{}'.format(test_string)])
|
2015-03-31 05:12:40 +02:00
|
|
|
# second xdotool call because type --terminator do not work (SEGV)
|
|
|
|
# additionally do not use search here, so window stack will be empty
|
|
|
|
# and xdotool will use XTEST instead of generating events manually -
|
|
|
|
# this will be much better - at least because events will have
|
|
|
|
# correct timestamp (so gui-daemon would not drop the copy request)
|
|
|
|
subprocess.check_call(['xdotool',
|
2015-07-07 21:41:54 +02:00
|
|
|
'key', 'ctrl+a', 'ctrl+c', 'ctrl+shift+c',
|
|
|
|
'Escape'])
|
2015-03-31 05:12:40 +02:00
|
|
|
|
|
|
|
clipboard_content = \
|
|
|
|
open('/var/run/qubes/qubes-clipboard.bin', 'r').read().strip()
|
|
|
|
self.assertEquals(clipboard_content, test_string,
|
|
|
|
"Clipboard copy operation failed - content")
|
|
|
|
clipboard_source = \
|
2015-07-07 21:41:54 +02:00
|
|
|
open('/var/run/qubes/qubes-clipboard.bin.source',
|
|
|
|
'r').read().strip()
|
|
|
|
self.assertEquals(clipboard_source, testvm1.name,
|
2015-03-31 05:12:40 +02:00
|
|
|
"Clipboard copy operation failed - owner")
|
|
|
|
|
|
|
|
# Then paste it to the other window
|
2015-07-07 21:41:54 +02:00
|
|
|
window_title = 'user@{}'.format(testvm2.name)
|
2015-11-03 02:47:08 +01:00
|
|
|
p = testvm2.run('zenity --entry --title={} > test.txt'.format(
|
|
|
|
window_title), passio_popen=True)
|
2015-11-03 02:43:46 +01:00
|
|
|
self.wait_for_window(window_title)
|
2015-03-31 05:12:40 +02:00
|
|
|
|
|
|
|
subprocess.check_call(['xdotool', 'key', '--delay', '100',
|
2015-04-01 05:24:24 +02:00
|
|
|
'ctrl+shift+v', 'ctrl+v', 'Return'])
|
2015-11-03 02:47:08 +01:00
|
|
|
p.wait()
|
2015-03-31 05:12:40 +02:00
|
|
|
|
|
|
|
# And compare the result
|
2015-07-07 21:41:54 +02:00
|
|
|
(test_output, _) = testvm2.run('cat test.txt',
|
|
|
|
passio_popen=True).communicate()
|
2015-03-31 05:12:40 +02:00
|
|
|
self.assertEquals(test_string, test_output.strip())
|
|
|
|
|
|
|
|
clipboard_content = \
|
|
|
|
open('/var/run/qubes/qubes-clipboard.bin', 'r').read().strip()
|
|
|
|
self.assertEquals(clipboard_content, "",
|
|
|
|
"Clipboard not wiped after paste - content")
|
|
|
|
clipboard_source = \
|
|
|
|
open('/var/run/qubes/qubes-clipboard.bin.source', 'r').read(
|
|
|
|
|
|
|
|
).strip()
|
|
|
|
self.assertEquals(clipboard_source, "",
|
|
|
|
"Clipboard not wiped after paste - owner")
|
|
|
|
|
|
|
|
|
2015-11-10 17:18:33 +01:00
|
|
|
@unittest.skipUnless(os.path.exists('/var/lib/qubes/vm-kernels/pvgrub2'),
|
|
|
|
'grub-xen package not installed')
|
|
|
|
class TC_40_PVGrub(qubes.tests.SystemTestsMixin):
|
|
|
|
def setUp(self):
|
|
|
|
super(TC_40_PVGrub, self).setUp()
|
|
|
|
supported = False
|
|
|
|
if self.template.startswith('fedora-'):
|
|
|
|
supported = True
|
|
|
|
elif self.template.startswith('debian-'):
|
|
|
|
supported = True
|
|
|
|
if not supported:
|
|
|
|
self.skipTest("Template {} not supported by this test".format(
|
|
|
|
self.template))
|
|
|
|
|
|
|
|
def install_packages(self, vm):
|
|
|
|
if self.template.startswith('fedora-'):
|
2015-11-25 03:16:24 +01:00
|
|
|
cmd_install1 = 'yum clean expire-cache && ' \
|
|
|
|
'yum install -y qubes-kernel-vm-support grub2-tools'
|
2015-11-10 17:18:33 +01:00
|
|
|
cmd_install2 = 'yum install -y kernel kernel-devel'
|
|
|
|
cmd_update_grub = 'grub2-mkconfig -o /boot/grub2/grub.cfg'
|
|
|
|
elif self.template.startswith('debian-'):
|
|
|
|
cmd_install1 = 'apt-get update && apt-get install -y ' \
|
|
|
|
'qubes-kernel-vm-support grub2-common'
|
|
|
|
cmd_install2 = 'apt-get install -y linux-image-amd64'
|
|
|
|
cmd_update_grub = 'mkdir /boot/grub && update-grub2'
|
|
|
|
else:
|
|
|
|
assert False, "Unsupported template?!"
|
|
|
|
|
|
|
|
for cmd in [cmd_install1, cmd_install2, cmd_update_grub]:
|
|
|
|
p = vm.run(cmd, user="root", passio_popen=True, passio_stderr=True)
|
|
|
|
(stdout, stderr) = p.communicate()
|
|
|
|
self.assertEquals(p.returncode, 0,
|
|
|
|
"Failed command: {}\nSTDOUT: {}\nSTDERR: {}"
|
|
|
|
.format(cmd, stdout, stderr))
|
|
|
|
|
|
|
|
def get_kernel_version(self, vm):
|
|
|
|
if self.template.startswith('fedora-'):
|
|
|
|
cmd_get_kernel_version = 'rpm -q kernel|sort -n|tail -1|' \
|
|
|
|
'cut -d - -f 2-'
|
|
|
|
elif self.template.startswith('debian-'):
|
|
|
|
cmd_get_kernel_version = \
|
|
|
|
'dpkg-query --showformat=\'${Package}\\n\' --show ' \
|
|
|
|
'\'linux-image-*-amd64\'|sort -n|tail -1|cut -d - -f 3-'
|
|
|
|
else:
|
|
|
|
raise RuntimeError("Unsupported template?!")
|
|
|
|
|
|
|
|
p = vm.run(cmd_get_kernel_version, user="root", passio_popen=True)
|
|
|
|
(kver, _) = p.communicate()
|
|
|
|
self.assertEquals(p.returncode, 0,
|
|
|
|
"Failed command: {}".format(cmd_get_kernel_version))
|
|
|
|
return kver.strip()
|
|
|
|
|
|
|
|
def test_000_standalone_vm(self):
|
|
|
|
testvm1 = self.qc.add_new_vm("QubesAppVm",
|
|
|
|
template=None,
|
|
|
|
name=self.make_vm_name('vm1'))
|
|
|
|
testvm1.create_on_disk(verbose=False,
|
|
|
|
source_template=self.qc.get_vm_by_name(
|
|
|
|
self.template))
|
|
|
|
self.save_and_reload_db()
|
|
|
|
self.qc.unlock_db()
|
|
|
|
testvm1 = self.qc[testvm1.qid]
|
|
|
|
testvm1.start()
|
|
|
|
self.install_packages(testvm1)
|
|
|
|
kver = self.get_kernel_version(testvm1)
|
|
|
|
self.shutdown_and_wait(testvm1)
|
|
|
|
|
|
|
|
self.qc.lock_db_for_writing()
|
|
|
|
self.qc.load()
|
|
|
|
testvm1 = self.qc[testvm1.qid]
|
|
|
|
testvm1.kernel = 'pvgrub2'
|
|
|
|
self.save_and_reload_db()
|
|
|
|
self.qc.unlock_db()
|
|
|
|
testvm1 = self.qc[testvm1.qid]
|
|
|
|
testvm1.start()
|
|
|
|
p = testvm1.run('uname -r', passio_popen=True)
|
|
|
|
(actual_kver, _) = p.communicate()
|
|
|
|
self.assertEquals(actual_kver.strip(), kver)
|
|
|
|
|
|
|
|
def test_010_template_based_vm(self):
|
|
|
|
test_template = self.qc.add_new_vm("QubesTemplateVm",
|
|
|
|
template=None,
|
|
|
|
name=self.make_vm_name('template'))
|
|
|
|
test_template.clone_attrs(self.qc.get_vm_by_name(self.template))
|
|
|
|
test_template.clone_disk_files(
|
|
|
|
src_vm=self.qc.get_vm_by_name(self.template),
|
|
|
|
verbose=False)
|
|
|
|
|
|
|
|
testvm1 = self.qc.add_new_vm("QubesAppVm",
|
|
|
|
template=test_template,
|
|
|
|
name=self.make_vm_name('vm1'))
|
|
|
|
testvm1.create_on_disk(verbose=False,
|
|
|
|
source_template=test_template)
|
|
|
|
self.save_and_reload_db()
|
|
|
|
self.qc.unlock_db()
|
|
|
|
test_template = self.qc[test_template.qid]
|
|
|
|
testvm1 = self.qc[testvm1.qid]
|
|
|
|
test_template.start()
|
|
|
|
self.install_packages(test_template)
|
|
|
|
kver = self.get_kernel_version(test_template)
|
|
|
|
self.shutdown_and_wait(test_template)
|
|
|
|
|
|
|
|
self.qc.lock_db_for_writing()
|
|
|
|
self.qc.load()
|
|
|
|
test_template = self.qc[test_template.qid]
|
|
|
|
test_template.kernel = 'pvgrub2'
|
|
|
|
testvm1 = self.qc[testvm1.qid]
|
|
|
|
testvm1.kernel = 'pvgrub2'
|
|
|
|
self.save_and_reload_db()
|
|
|
|
self.qc.unlock_db()
|
|
|
|
|
|
|
|
# Check if TemplateBasedVM boots and has the right kernel
|
|
|
|
testvm1 = self.qc[testvm1.qid]
|
|
|
|
testvm1.start()
|
|
|
|
p = testvm1.run('uname -r', passio_popen=True)
|
|
|
|
(actual_kver, _) = p.communicate()
|
|
|
|
self.assertEquals(actual_kver.strip(), kver)
|
|
|
|
|
|
|
|
# And the same for the TemplateVM itself
|
|
|
|
test_template = self.qc[test_template.qid]
|
|
|
|
test_template.start()
|
|
|
|
p = test_template.run('uname -r', passio_popen=True)
|
|
|
|
(actual_kver, _) = p.communicate()
|
|
|
|
self.assertEquals(actual_kver.strip(), kver)
|
|
|
|
|
2016-01-29 21:31:49 +01:00
|
|
|
@unittest.skipUnless(
|
|
|
|
spawn.find_executable('xprop') and
|
|
|
|
spawn.find_executable('xdotool') and
|
|
|
|
spawn.find_executable('wmctrl'),
|
|
|
|
"xprop or xdotool or wmctrl not installed")
|
|
|
|
class TC_50_MimeHandlers(qubes.tests.SystemTestsMixin):
|
|
|
|
@classmethod
|
|
|
|
def setUpClass(cls):
|
|
|
|
if cls.template == 'whonix-gw' or 'minimal' in cls.template:
|
|
|
|
raise unittest.SkipTest(
|
|
|
|
'Template {} not supported by this test'.format(cls.template))
|
|
|
|
|
|
|
|
if cls.template == 'whonix-ws':
|
|
|
|
# TODO remove when Whonix-based DispVMs will work (Whonix 13?)
|
|
|
|
raise unittest.SkipTest(
|
|
|
|
'Template {} not supported by this test'.format(cls.template))
|
|
|
|
|
|
|
|
qc = QubesVmCollection()
|
|
|
|
|
2016-03-13 03:37:04 +01:00
|
|
|
cls._kill_test_vms(qc, prefix=qubes.tests.CLSVMPREFIX)
|
2016-01-29 21:31:49 +01:00
|
|
|
|
|
|
|
qc.lock_db_for_writing()
|
|
|
|
qc.load()
|
|
|
|
|
2016-03-13 03:37:04 +01:00
|
|
|
cls._remove_test_vms(qc, qubes.qubes.vmm.libvirt_conn,
|
2016-01-29 21:31:49 +01:00
|
|
|
prefix=qubes.tests.CLSVMPREFIX)
|
|
|
|
|
|
|
|
cls.source_vmname = cls.make_vm_name('source', True)
|
|
|
|
source_vm = qc.add_new_vm("QubesAppVm",
|
|
|
|
template=qc.get_vm_by_name(cls.template),
|
|
|
|
name=cls.source_vmname)
|
|
|
|
source_vm.create_on_disk(verbose=False)
|
|
|
|
|
|
|
|
cls.target_vmname = cls.make_vm_name('target', True)
|
|
|
|
target_vm = qc.add_new_vm("QubesAppVm",
|
|
|
|
template=qc.get_vm_by_name(cls.template),
|
|
|
|
name=cls.target_vmname)
|
|
|
|
target_vm.create_on_disk(verbose=False)
|
|
|
|
|
|
|
|
qc.save()
|
|
|
|
qc.unlock_db()
|
|
|
|
source_vm.start()
|
|
|
|
target_vm.start()
|
|
|
|
|
|
|
|
# make sure that DispVMs will be started of the same template
|
|
|
|
retcode = subprocess.call(['/usr/bin/qvm-create-default-dvm',
|
|
|
|
cls.template],
|
|
|
|
stderr=open(os.devnull, 'w'))
|
|
|
|
assert retcode == 0, "Error preparing DispVM"
|
|
|
|
|
|
|
|
def setUp(self):
|
|
|
|
super(TC_50_MimeHandlers, self).setUp()
|
|
|
|
self.source_vm = self.qc.get_vm_by_name(self.source_vmname)
|
|
|
|
self.target_vm = self.qc.get_vm_by_name(self.target_vmname)
|
|
|
|
|
|
|
|
def get_window_class(self, winid, dispvm=False):
|
|
|
|
(vm_winid, _) = subprocess.Popen(
|
|
|
|
['xprop', '-id', winid, '_QUBES_VMWINDOWID'],
|
|
|
|
stdout=subprocess.PIPE
|
|
|
|
).communicate()
|
|
|
|
vm_winid = vm_winid.split("#")[1].strip('\n" ')
|
|
|
|
if dispvm:
|
|
|
|
(vmname, _) = subprocess.Popen(
|
|
|
|
['xprop', '-id', winid, '_QUBES_VMNAME'],
|
|
|
|
stdout=subprocess.PIPE
|
|
|
|
).communicate()
|
|
|
|
vmname = vmname.split("=")[1].strip('\n" ')
|
|
|
|
window_class = None
|
|
|
|
while window_class is None:
|
|
|
|
# XXX to use self.qc.get_vm_by_name would require reloading
|
|
|
|
# qubes.xml, so use qvm-run instead
|
|
|
|
xprop = subprocess.Popen(
|
|
|
|
['qvm-run', '-p', vmname, 'xprop -id {} WM_CLASS'.format(
|
|
|
|
vm_winid)], stdout=subprocess.PIPE)
|
|
|
|
(window_class, _) = xprop.communicate()
|
|
|
|
if xprop.returncode != 0:
|
|
|
|
self.skipTest("xprop failed, not installed?")
|
|
|
|
if 'not found' in window_class:
|
|
|
|
# WM_CLASS not set yet, wait a little
|
|
|
|
time.sleep(0.1)
|
|
|
|
window_class = None
|
|
|
|
else:
|
|
|
|
window_class = None
|
|
|
|
while window_class is None:
|
|
|
|
xprop = self.target_vm.run(
|
|
|
|
'xprop -id {} WM_CLASS'.format(vm_winid),
|
|
|
|
passio_popen=True)
|
|
|
|
(window_class, _) = xprop.communicate()
|
|
|
|
if xprop.returncode != 0:
|
|
|
|
self.skipTest("xprop failed, not installed?")
|
|
|
|
if 'not found' in window_class:
|
|
|
|
# WM_CLASS not set yet, wait a little
|
|
|
|
time.sleep(0.1)
|
|
|
|
window_class = None
|
|
|
|
# output: WM_CLASS(STRING) = "gnome-terminal-server", "Gnome-terminal"
|
|
|
|
try:
|
|
|
|
window_class = window_class.split("=")[1].split(",")[0].strip('\n" ')
|
|
|
|
except IndexError:
|
|
|
|
raise Exception(
|
|
|
|
"Unexpected output from xprop: '{}'".format(window_class))
|
|
|
|
|
|
|
|
return window_class
|
|
|
|
|
|
|
|
def open_file_and_check_viewer(self, filename, expected_app_titles,
|
|
|
|
expected_app_classes, dispvm=False):
|
|
|
|
self.qc.unlock_db()
|
|
|
|
if dispvm:
|
|
|
|
p = self.source_vm.run("qvm-open-in-dvm {}".format(filename),
|
|
|
|
passio_popen=True)
|
|
|
|
vmpattern = "disp*"
|
|
|
|
else:
|
2016-03-27 19:25:17 +02:00
|
|
|
self.qrexec_policy('qubes.Filecopy', self.source_vm.name,
|
|
|
|
self.target_vmname)
|
2016-01-29 21:31:49 +01:00
|
|
|
p = self.source_vm.run("qvm-open-in-vm {} {}".format(
|
|
|
|
self.target_vmname, filename), passio_popen=True)
|
|
|
|
vmpattern = self.target_vmname
|
|
|
|
wait_count = 0
|
|
|
|
winid = None
|
|
|
|
window_title = None
|
|
|
|
while True:
|
|
|
|
search = subprocess.Popen(['xdotool', 'search',
|
|
|
|
'--onlyvisible', '--class', vmpattern],
|
|
|
|
stdout=subprocess.PIPE,
|
|
|
|
stderr=open(os.path.devnull, 'w'))
|
|
|
|
retcode = search.wait()
|
|
|
|
if retcode == 0:
|
|
|
|
winid = search.stdout.read().strip()
|
|
|
|
# get window title
|
|
|
|
(window_title, _) = subprocess.Popen(
|
|
|
|
['xdotool', 'getwindowname', winid], stdout=subprocess.PIPE). \
|
|
|
|
communicate()
|
|
|
|
window_title = window_title.strip()
|
|
|
|
# ignore LibreOffice splash screen and window with no title
|
|
|
|
# set yet
|
|
|
|
if window_title and not window_title.startswith("LibreOffice")\
|
|
|
|
and not window_title == 'VMapp command':
|
|
|
|
break
|
|
|
|
wait_count += 1
|
|
|
|
if wait_count > 100:
|
|
|
|
self.fail("Timeout while waiting for editor window")
|
|
|
|
time.sleep(0.3)
|
|
|
|
|
|
|
|
# get window class
|
|
|
|
window_class = self.get_window_class(winid, dispvm)
|
|
|
|
# close the window - we've got the window class, it is no longer needed
|
|
|
|
subprocess.check_call(['wmctrl', '-i', '-c', winid])
|
|
|
|
p.wait()
|
|
|
|
self.wait_for_window(window_title, show=False)
|
|
|
|
|
|
|
|
def check_matches(obj, patterns):
|
|
|
|
return any((pat.search(obj) if isinstance(pat, type(re.compile('')))
|
|
|
|
else pat in obj) for pat in patterns)
|
|
|
|
|
|
|
|
if not check_matches(window_title, expected_app_titles) and \
|
|
|
|
not check_matches(window_class, expected_app_classes):
|
|
|
|
self.fail("Opening file {} resulted in window '{} ({})', which is "
|
|
|
|
"none of {!r} ({!r})".format(
|
|
|
|
filename, window_title, window_class,
|
|
|
|
expected_app_titles, expected_app_classes))
|
|
|
|
|
|
|
|
def prepare_txt(self, filename):
|
|
|
|
p = self.source_vm.run("cat > {}".format(filename), passio_popen=True)
|
|
|
|
p.stdin.write("This is test\n")
|
|
|
|
p.stdin.close()
|
|
|
|
retcode = p.wait()
|
|
|
|
assert retcode == 0, "Failed to write {} file".format(filename)
|
|
|
|
|
|
|
|
def prepare_pdf(self, filename):
|
|
|
|
self.prepare_txt("/tmp/source.txt")
|
|
|
|
cmd = "convert /tmp/source.txt {}".format(filename)
|
|
|
|
retcode = self.source_vm.run(cmd, wait=True)
|
|
|
|
assert retcode == 0, "Failed to run '{}'".format(cmd)
|
|
|
|
|
|
|
|
def prepare_doc(self, filename):
|
|
|
|
self.prepare_txt("/tmp/source.txt")
|
|
|
|
cmd = "unoconv -f doc -o {} /tmp/source.txt".format(filename)
|
|
|
|
retcode = self.source_vm.run(cmd, wait=True)
|
|
|
|
if retcode != 0:
|
|
|
|
self.skipTest("Failed to run '{}', not installed?".format(cmd))
|
|
|
|
|
|
|
|
def prepare_pptx(self, filename):
|
|
|
|
self.prepare_txt("/tmp/source.txt")
|
|
|
|
cmd = "unoconv -f pptx -o {} /tmp/source.txt".format(filename)
|
|
|
|
retcode = self.source_vm.run(cmd, wait=True)
|
|
|
|
if retcode != 0:
|
|
|
|
self.skipTest("Failed to run '{}', not installed?".format(cmd))
|
|
|
|
|
|
|
|
def prepare_png(self, filename):
|
|
|
|
self.prepare_txt("/tmp/source.txt")
|
|
|
|
cmd = "convert /tmp/source.txt {}".format(filename)
|
|
|
|
retcode = self.source_vm.run(cmd, wait=True)
|
|
|
|
if retcode != 0:
|
|
|
|
self.skipTest("Failed to run '{}', not installed?".format(cmd))
|
|
|
|
|
|
|
|
def prepare_jpg(self, filename):
|
|
|
|
self.prepare_txt("/tmp/source.txt")
|
|
|
|
cmd = "convert /tmp/source.txt {}".format(filename)
|
|
|
|
retcode = self.source_vm.run(cmd, wait=True)
|
|
|
|
if retcode != 0:
|
|
|
|
self.skipTest("Failed to run '{}', not installed?".format(cmd))
|
|
|
|
|
|
|
|
def test_000_txt(self):
|
|
|
|
filename = "/home/user/test_file.txt"
|
|
|
|
self.prepare_txt(filename)
|
|
|
|
self.open_file_and_check_viewer(filename, ["vim"],
|
|
|
|
["gedit", "emacs"])
|
|
|
|
|
|
|
|
def test_001_pdf(self):
|
|
|
|
filename = "/home/user/test_file.pdf"
|
|
|
|
self.prepare_pdf(filename)
|
|
|
|
self.open_file_and_check_viewer(filename, [],
|
|
|
|
["evince"])
|
|
|
|
|
|
|
|
def test_002_doc(self):
|
|
|
|
filename = "/home/user/test_file.doc"
|
|
|
|
self.prepare_doc(filename)
|
|
|
|
self.open_file_and_check_viewer(filename, [],
|
|
|
|
["libreoffice", "abiword"])
|
|
|
|
|
|
|
|
def test_003_pptx(self):
|
|
|
|
filename = "/home/user/test_file.pptx"
|
|
|
|
self.prepare_pptx(filename)
|
|
|
|
self.open_file_and_check_viewer(filename, [],
|
|
|
|
["libreoffice"])
|
|
|
|
|
|
|
|
def test_004_png(self):
|
|
|
|
filename = "/home/user/test_file.png"
|
|
|
|
self.prepare_png(filename)
|
|
|
|
self.open_file_and_check_viewer(filename, [],
|
|
|
|
["shotwell", "eog", "display"])
|
|
|
|
|
|
|
|
def test_005_jpg(self):
|
|
|
|
filename = "/home/user/test_file.jpg"
|
|
|
|
self.prepare_jpg(filename)
|
|
|
|
self.open_file_and_check_viewer(filename, [],
|
|
|
|
["shotwell", "eog", "display"])
|
|
|
|
|
|
|
|
def test_006_jpeg(self):
|
|
|
|
filename = "/home/user/test_file.jpeg"
|
|
|
|
self.prepare_jpg(filename)
|
|
|
|
self.open_file_and_check_viewer(filename, [],
|
|
|
|
["shotwell", "eog", "display"])
|
|
|
|
|
|
|
|
def test_100_txt_dispvm(self):
|
|
|
|
filename = "/home/user/test_file.txt"
|
|
|
|
self.prepare_txt(filename)
|
|
|
|
self.open_file_and_check_viewer(filename, ["vim"],
|
|
|
|
["gedit", "emacs"],
|
|
|
|
dispvm=True)
|
|
|
|
|
|
|
|
def test_101_pdf_dispvm(self):
|
|
|
|
filename = "/home/user/test_file.pdf"
|
|
|
|
self.prepare_pdf(filename)
|
|
|
|
self.open_file_and_check_viewer(filename, [],
|
|
|
|
["evince"],
|
|
|
|
dispvm=True)
|
|
|
|
|
|
|
|
def test_102_doc_dispvm(self):
|
|
|
|
filename = "/home/user/test_file.doc"
|
|
|
|
self.prepare_doc(filename)
|
|
|
|
self.open_file_and_check_viewer(filename, [],
|
|
|
|
["libreoffice", "abiword"],
|
|
|
|
dispvm=True)
|
|
|
|
|
|
|
|
def test_103_pptx_dispvm(self):
|
|
|
|
filename = "/home/user/test_file.pptx"
|
|
|
|
self.prepare_pptx(filename)
|
|
|
|
self.open_file_and_check_viewer(filename, [],
|
|
|
|
["libreoffice"],
|
|
|
|
dispvm=True)
|
|
|
|
|
|
|
|
def test_104_png_dispvm(self):
|
|
|
|
filename = "/home/user/test_file.png"
|
|
|
|
self.prepare_png(filename)
|
|
|
|
self.open_file_and_check_viewer(filename, [],
|
|
|
|
["shotwell", "eog", "display"],
|
|
|
|
dispvm=True)
|
|
|
|
|
|
|
|
def test_105_jpg_dispvm(self):
|
|
|
|
filename = "/home/user/test_file.jpg"
|
|
|
|
self.prepare_jpg(filename)
|
|
|
|
self.open_file_and_check_viewer(filename, [],
|
|
|
|
["shotwell", "eog", "display"],
|
|
|
|
dispvm=True)
|
|
|
|
|
|
|
|
def test_106_jpeg_dispvm(self):
|
|
|
|
filename = "/home/user/test_file.jpeg"
|
|
|
|
self.prepare_jpg(filename)
|
|
|
|
self.open_file_and_check_viewer(filename, [],
|
|
|
|
["shotwell", "eog", "display"],
|
|
|
|
dispvm=True)
|
|
|
|
|
2015-11-10 17:18:33 +01:00
|
|
|
|
2015-03-22 01:40:50 +01:00
|
|
|
def load_tests(loader, tests, pattern):
|
|
|
|
try:
|
|
|
|
qc = qubes.qubes.QubesVmCollection()
|
|
|
|
qc.lock_db_for_reading()
|
|
|
|
qc.load()
|
|
|
|
qc.unlock_db()
|
|
|
|
templates = [vm.name for vm in qc.values() if
|
|
|
|
isinstance(vm, qubes.qubes.QubesTemplateVm)]
|
|
|
|
except OSError:
|
|
|
|
templates = []
|
|
|
|
for template in templates:
|
|
|
|
tests.addTests(loader.loadTestsFromTestCase(
|
|
|
|
type(
|
|
|
|
'TC_00_AppVM_' + template,
|
|
|
|
(TC_00_AppVMMixin, qubes.tests.QubesTestCase),
|
|
|
|
{'template': template})))
|
|
|
|
|
|
|
|
tests.addTests(loader.loadTestsFromTestCase(
|
|
|
|
type(
|
|
|
|
'TC_20_DispVM_' + template,
|
|
|
|
(TC_20_DispVMMixin, qubes.tests.QubesTestCase),
|
|
|
|
{'template': template})))
|
2015-11-10 17:18:33 +01:00
|
|
|
tests.addTests(loader.loadTestsFromTestCase(
|
|
|
|
type(
|
|
|
|
'TC_40_PVGrub_' + template,
|
|
|
|
(TC_40_PVGrub, qubes.tests.QubesTestCase),
|
|
|
|
{'template': template})))
|
2015-03-22 01:40:50 +01:00
|
|
|
|
2016-01-29 21:31:49 +01:00
|
|
|
tests.addTests(loader.loadTestsFromTestCase(
|
|
|
|
type(
|
|
|
|
'TC_50_MimeHandlers_' + template,
|
|
|
|
(TC_50_MimeHandlers, qubes.tests.QubesTestCase),
|
|
|
|
{'template': template})))
|
|
|
|
|
2015-06-21 01:12:47 +02:00
|
|
|
return tests
|