2016-06-16 14:13:46 +02:00
|
|
|
#
|
|
|
|
# The Qubes OS Project, http://www.qubes-os.org
|
|
|
|
#
|
|
|
|
# Copyright (C) 2014-2016 Wojtek Porczyk <woju@invisiblethingslab.com>
|
|
|
|
# Copyright (C) 2016 Marek Marczykowski <marmarek@invisiblethingslab.com>)
|
|
|
|
#
|
2017-10-12 00:11:50 +02:00
|
|
|
# This library is free software; you can redistribute it and/or
|
|
|
|
# modify it under the terms of the GNU Lesser General Public
|
|
|
|
# License as published by the Free Software Foundation; either
|
|
|
|
# version 2.1 of the License, or (at your option) any later version.
|
2016-06-16 14:13:46 +02:00
|
|
|
#
|
2017-10-12 00:11:50 +02:00
|
|
|
# This library is distributed in the hope that it will be useful,
|
2016-06-16 14:13:46 +02:00
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
2017-10-12 00:11:50 +02:00
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
# Lesser General Public License for more details.
|
2016-06-16 14:13:46 +02:00
|
|
|
#
|
2017-10-12 00:11:50 +02:00
|
|
|
# You should have received a copy of the GNU Lesser General Public
|
|
|
|
# License along with this library; if not, see <https://www.gnu.org/licenses/>.
|
2016-06-16 14:13:46 +02:00
|
|
|
#
|
|
|
|
|
|
|
|
''' A disposable vm implementation '''
|
2017-01-18 22:16:46 +01:00
|
|
|
|
2017-07-08 02:53:09 +02:00
|
|
|
import asyncio
|
|
|
|
|
2014-11-13 14:38:41 +01:00
|
|
|
import qubes.vm.qubesvm
|
2016-05-20 03:58:57 +02:00
|
|
|
import qubes.vm.appvm
|
|
|
|
import qubes.config
|
2014-11-13 14:38:41 +01:00
|
|
|
|
2019-02-27 06:00:38 +01:00
|
|
|
def _setter_template(self, prop, value):
|
|
|
|
if not getattr(value, 'template_for_dispvms', False):
|
|
|
|
raise qubes.exc.QubesPropertyValueError(self, prop, value,
|
|
|
|
'template for DispVM must have template_for_dispvms=True')
|
|
|
|
return value
|
|
|
|
|
2014-11-13 14:38:41 +01:00
|
|
|
class DispVM(qubes.vm.qubesvm.QubesVM):
|
2014-11-13 18:10:27 +01:00
|
|
|
'''Disposable VM'''
|
2016-05-20 03:58:57 +02:00
|
|
|
|
|
|
|
template = qubes.VMProperty('template',
|
|
|
|
load_stage=4,
|
2019-02-27 06:00:38 +01:00
|
|
|
setter=_setter_template,
|
2016-05-20 03:58:57 +02:00
|
|
|
doc='AppVM, on which this DispVM is based.')
|
|
|
|
|
|
|
|
dispid = qubes.property('dispid', type=int, write_once=True,
|
|
|
|
clone=False,
|
|
|
|
doc='''Internal, persistent identifier of particular DispVM.''')
|
|
|
|
|
2017-08-06 12:27:35 +02:00
|
|
|
auto_cleanup = qubes.property('auto_cleanup', type=bool, default=False,
|
|
|
|
doc='automatically remove this VM upon shutdown')
|
|
|
|
|
2018-02-22 21:26:39 +01:00
|
|
|
include_in_backups = qubes.property('include_in_backups', type=bool,
|
|
|
|
default=(lambda self: not self.auto_cleanup),
|
|
|
|
doc='If this domain is to be included in default backup.')
|
|
|
|
|
2019-02-18 19:25:26 +01:00
|
|
|
default_dispvm = qubes.VMProperty('default_dispvm',
|
|
|
|
load_stage=4,
|
|
|
|
allow_none=True,
|
|
|
|
default=(lambda self: self.template),
|
|
|
|
doc='Default VM to be used as Disposable VM for service calls.')
|
|
|
|
|
2017-08-06 12:27:35 +02:00
|
|
|
def __init__(self, app, xml, *args, **kwargs):
|
2016-05-20 03:58:57 +02:00
|
|
|
self.volume_config = {
|
|
|
|
'root': {
|
|
|
|
'name': 'root',
|
2016-07-12 18:03:14 +02:00
|
|
|
'snap_on_start': True,
|
|
|
|
'save_on_stop': False,
|
2018-02-12 22:20:04 +01:00
|
|
|
'rw': True,
|
2017-07-08 02:36:39 +02:00
|
|
|
'source': None,
|
2016-05-20 03:58:57 +02:00
|
|
|
},
|
|
|
|
'private': {
|
|
|
|
'name': 'private',
|
2016-07-12 18:03:14 +02:00
|
|
|
'snap_on_start': True,
|
|
|
|
'save_on_stop': False,
|
|
|
|
'rw': True,
|
2017-07-08 02:36:39 +02:00
|
|
|
'source': None,
|
2016-05-20 03:58:57 +02:00
|
|
|
},
|
|
|
|
'volatile': {
|
|
|
|
'name': 'volatile',
|
2017-07-01 20:47:08 +02:00
|
|
|
'snap_on_start': False,
|
|
|
|
'save_on_stop': False,
|
2016-08-17 00:42:17 +02:00
|
|
|
'rw': True,
|
2016-05-20 03:58:57 +02:00
|
|
|
'size': qubes.config.defaults['root_img_size'] +
|
|
|
|
qubes.config.defaults['private_img_size'],
|
|
|
|
},
|
|
|
|
'kernel': {
|
|
|
|
'name': 'kernel',
|
2017-07-01 20:47:08 +02:00
|
|
|
'snap_on_start': False,
|
|
|
|
'save_on_stop': False,
|
2016-07-12 18:03:14 +02:00
|
|
|
'rw': False,
|
2016-05-20 03:58:57 +02:00
|
|
|
}
|
|
|
|
}
|
2017-08-06 12:27:35 +02:00
|
|
|
|
2016-08-17 00:42:17 +02:00
|
|
|
template = kwargs.get('template', None)
|
|
|
|
|
2017-08-06 12:27:35 +02:00
|
|
|
if xml is None:
|
2017-09-03 03:04:56 +02:00
|
|
|
assert template is not None
|
|
|
|
|
2018-03-05 23:47:33 +01:00
|
|
|
if not getattr(template, 'template_for_dispvms', False):
|
2017-09-03 03:04:56 +02:00
|
|
|
raise qubes.exc.QubesValueError(
|
2018-03-05 23:47:33 +01:00
|
|
|
'template for DispVM ({}) needs to be an AppVM with '
|
2017-09-03 03:11:48 +02:00
|
|
|
'template_for_dispvms=True'.format(template.name))
|
2017-09-03 03:04:56 +02:00
|
|
|
|
2017-08-06 12:27:35 +02:00
|
|
|
if 'dispid' not in kwargs:
|
|
|
|
kwargs['dispid'] = app.domains.get_new_unused_dispid()
|
|
|
|
if 'name' not in kwargs:
|
|
|
|
kwargs['name'] = 'disp' + str(kwargs['dispid'])
|
|
|
|
|
2016-08-17 00:42:17 +02:00
|
|
|
if template is not None:
|
|
|
|
# template is only passed if the AppVM is created, in other cases we
|
|
|
|
# don't need to patch the volume_config because the config is
|
|
|
|
# coming from XML, already as we need it
|
|
|
|
for name, config in template.volume_config.items():
|
|
|
|
# in case the template vm has more volumes add them to own
|
|
|
|
# config
|
|
|
|
if name not in self.volume_config:
|
2017-07-12 10:43:48 +02:00
|
|
|
self.volume_config[name] = config.copy()
|
2016-08-17 00:42:17 +02:00
|
|
|
if 'vid' in self.volume_config[name]:
|
|
|
|
del self.volume_config[name]['vid']
|
2020-07-05 18:28:22 +02:00
|
|
|
# copy pool setting from base AppVM; root and private would be
|
|
|
|
# in the same pool anyway (because of snap_on_start),
|
|
|
|
# but not volatile, which could be surprising
|
|
|
|
elif 'pool' not in self.volume_config[name] \
|
|
|
|
and 'pool' in config:
|
|
|
|
self.volume_config[name]['pool'] = config['pool']
|
2016-08-17 00:42:17 +02:00
|
|
|
|
2020-08-23 02:22:41 +02:00
|
|
|
super().__init__(app, xml, *args, **kwargs)
|
2016-06-02 17:20:13 +02:00
|
|
|
|
2017-08-06 12:27:35 +02:00
|
|
|
if xml is None:
|
2017-09-03 03:04:56 +02:00
|
|
|
# by default inherit properties from the DispVM template
|
|
|
|
proplist = [prop.__name__ for prop in template.property_list()
|
|
|
|
if prop.clone and prop.__name__ not in ['template']]
|
2019-06-02 17:58:19 +02:00
|
|
|
# Do not overwrite properties that have already been set to a
|
|
|
|
# non-default value.
|
|
|
|
self_props = [prop.__name__ for prop in self.property_list()
|
|
|
|
if self.property_is_default(prop)]
|
2017-09-03 03:04:56 +02:00
|
|
|
self.clone_properties(template, set(proplist).intersection(
|
|
|
|
self_props))
|
|
|
|
|
2017-08-06 12:27:35 +02:00
|
|
|
self.firewall.clone(template.firewall)
|
|
|
|
self.features.update(template.features)
|
|
|
|
self.tags.update(template.tags)
|
2016-05-20 03:58:57 +02:00
|
|
|
|
|
|
|
@qubes.events.handler('domain-load')
|
|
|
|
def on_domain_loaded(self, event):
|
2016-06-16 14:13:46 +02:00
|
|
|
''' When domain is loaded assert that this vm has a template.
|
|
|
|
''' # pylint: disable=unused-argument
|
2016-05-20 03:58:57 +02:00
|
|
|
assert self.template
|
2016-06-02 17:20:13 +02:00
|
|
|
|
2020-11-20 07:35:13 +01:00
|
|
|
@qubes.events.handler('property-pre-reset:template')
|
|
|
|
def on_property_pre_reset_template(self, event, name, oldvalue=None):
|
|
|
|
'''Forbid deleting template of running VM
|
|
|
|
''' # pylint: disable=unused-argument,no-self-use
|
|
|
|
raise qubes.exc.QubesValueError('Cannot unset template')
|
|
|
|
|
|
|
|
@qubes.events.handler('property-pre-set:template')
|
|
|
|
def on_property_pre_set_template(self, event, name, newvalue,
|
2017-06-03 12:22:36 +02:00
|
|
|
oldvalue=None):
|
2020-11-20 07:35:13 +01:00
|
|
|
'''Forbid changing template of running VM
|
|
|
|
''' # pylint: disable=unused-argument
|
|
|
|
if not self.is_halted():
|
|
|
|
raise qubes.exc.QubesVMNotHaltedError(self,
|
|
|
|
'Cannot change template while qube is running')
|
|
|
|
|
|
|
|
@qubes.events.handler('property-set:template')
|
|
|
|
def on_property_set_template(self, event, name, newvalue, oldvalue=None):
|
|
|
|
''' Adjust root (and possibly other snap_on_start=True) volume
|
|
|
|
on template change.
|
|
|
|
''' # pylint: disable=unused-argument
|
|
|
|
|
|
|
|
for volume_name, conf in self.default_volume_config.items():
|
|
|
|
if conf.get('snap_on_start', False) and \
|
|
|
|
conf.get('source', None) is None:
|
|
|
|
config = conf.copy()
|
|
|
|
self.volume_config[volume_name] = config
|
|
|
|
self.storage.init_volume(volume_name, config)
|
2017-06-03 12:22:36 +02:00
|
|
|
|
2017-10-21 05:57:57 +02:00
|
|
|
@qubes.events.handler('domain-shutdown')
|
2017-08-06 12:27:35 +02:00
|
|
|
@asyncio.coroutine
|
2017-10-21 05:57:57 +02:00
|
|
|
def on_domain_shutdown(self, _event, **_kwargs):
|
|
|
|
yield from self._auto_cleanup()
|
2017-08-06 12:27:35 +02:00
|
|
|
|
2017-10-21 05:57:57 +02:00
|
|
|
@asyncio.coroutine
|
|
|
|
def _auto_cleanup(self):
|
|
|
|
'''Do auto cleanup if enabled'''
|
|
|
|
if self.auto_cleanup and self in self.app.domains:
|
|
|
|
del self.app.domains[self]
|
2018-10-21 04:44:47 +02:00
|
|
|
yield from self.remove_from_disk()
|
2017-10-21 05:57:57 +02:00
|
|
|
self.app.save()
|
2017-08-06 12:27:35 +02:00
|
|
|
|
2016-06-02 17:20:13 +02:00
|
|
|
@classmethod
|
2017-07-08 02:53:09 +02:00
|
|
|
@asyncio.coroutine
|
2016-06-02 17:20:13 +02:00
|
|
|
def from_appvm(cls, appvm, **kwargs):
|
|
|
|
'''Create a new instance from given AppVM
|
|
|
|
|
|
|
|
:param qubes.vm.appvm.AppVM appvm: template from which the VM should \
|
2017-03-20 22:18:10 +01:00
|
|
|
be created
|
2016-06-02 17:20:13 +02:00
|
|
|
:returns: new disposable vm
|
|
|
|
|
|
|
|
*kwargs* are passed to the newly created VM
|
|
|
|
|
|
|
|
>>> import qubes.vm.dispvm.DispVM
|
|
|
|
>>> dispvm = qubes.vm.dispvm.DispVM.from_appvm(appvm).start()
|
|
|
|
>>> dispvm.run_service('qubes.VMShell', input='firefox')
|
|
|
|
>>> dispvm.cleanup()
|
|
|
|
|
2017-03-20 22:18:10 +01:00
|
|
|
This method modifies :file:`qubes.xml` file.
|
2016-06-02 17:20:13 +02:00
|
|
|
The qube returned is not started.
|
|
|
|
'''
|
2017-09-03 03:11:48 +02:00
|
|
|
if not appvm.template_for_dispvms:
|
2017-03-21 12:46:51 +01:00
|
|
|
raise qubes.exc.QubesException(
|
2017-08-06 12:27:35 +02:00
|
|
|
'Refusing to create DispVM out of this AppVM, because '
|
2017-09-22 22:26:32 +02:00
|
|
|
'template_for_dispvms=False')
|
2017-03-20 22:18:10 +01:00
|
|
|
app = appvm.app
|
2016-06-02 17:20:13 +02:00
|
|
|
dispvm = app.add_new_vm(
|
|
|
|
cls,
|
2017-08-06 12:27:35 +02:00
|
|
|
template=appvm,
|
|
|
|
auto_cleanup=True,
|
2016-06-02 17:20:13 +02:00
|
|
|
**kwargs)
|
2017-07-08 02:53:09 +02:00
|
|
|
yield from dispvm.create_on_disk()
|
2016-06-02 17:20:13 +02:00
|
|
|
app.save()
|
|
|
|
return dispvm
|
|
|
|
|
2017-07-08 02:53:09 +02:00
|
|
|
@asyncio.coroutine
|
2016-06-02 17:20:13 +02:00
|
|
|
def cleanup(self):
|
|
|
|
'''Clean up after the DispVM
|
|
|
|
|
|
|
|
This stops the disposable qube and removes it from the store.
|
|
|
|
This method modifies :file:`qubes.xml` file.
|
|
|
|
'''
|
2016-11-04 13:25:09 +01:00
|
|
|
try:
|
2017-07-08 02:53:09 +02:00
|
|
|
# pylint: disable=not-an-iterable
|
|
|
|
yield from self.kill()
|
2016-11-04 13:25:09 +01:00
|
|
|
except qubes.exc.QubesVMNotStartedError:
|
|
|
|
pass
|
2017-08-06 12:27:35 +02:00
|
|
|
# if auto_cleanup is set, this will be done automatically
|
|
|
|
if not self.auto_cleanup:
|
|
|
|
del self.app.domains[self]
|
2018-10-21 04:44:47 +02:00
|
|
|
yield from self.remove_from_disk()
|
2017-08-06 12:27:35 +02:00
|
|
|
self.app.save()
|
2017-09-03 03:04:56 +02:00
|
|
|
|
|
|
|
@asyncio.coroutine
|
|
|
|
def start(self, **kwargs):
|
|
|
|
# pylint: disable=arguments-differ
|
|
|
|
|
2017-09-22 22:45:47 +02:00
|
|
|
try:
|
|
|
|
# sanity check, if template_for_dispvm got changed in the meantime
|
|
|
|
if not self.template.template_for_dispvms:
|
|
|
|
raise qubes.exc.QubesException(
|
|
|
|
'template for DispVM ({}) needs to have '
|
|
|
|
'template_for_dispvms=True'.format(self.template.name))
|
2017-09-03 03:04:56 +02:00
|
|
|
|
2020-08-23 02:22:41 +02:00
|
|
|
yield from super().start(**kwargs)
|
2017-09-22 22:45:47 +02:00
|
|
|
except:
|
2017-10-21 05:57:57 +02:00
|
|
|
# Cleanup also on failed startup
|
|
|
|
yield from self._auto_cleanup()
|
2017-09-22 22:45:47 +02:00
|
|
|
raise
|
2018-12-08 23:13:30 +01:00
|
|
|
|
|
|
|
def create_qdb_entries(self):
|
|
|
|
super().create_qdb_entries()
|
|
|
|
self.untrusted_qdb.write('/qubes-vm-persistence', 'none')
|