2013-01-20 21:44:13 +01:00
|
|
|
#!/usr/bin/python2
|
2011-03-14 10:43:09 +01:00
|
|
|
#
|
|
|
|
# The Qubes OS Project, http://www.qubes-os.org
|
|
|
|
#
|
|
|
|
# Copyright (C) 2010 Rafal Wojtczuk <rafal@invisiblethingslab.com>
|
|
|
|
#
|
|
|
|
# This program is free software; you can redistribute it and/or
|
|
|
|
# modify it under the terms of the GNU General Public License
|
|
|
|
# as published by the Free Software Foundation; either version 2
|
|
|
|
# of the License, or (at your option) any later version.
|
|
|
|
#
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU General Public License
|
|
|
|
# along with this program; if not, write to the Free Software
|
|
|
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
|
|
#
|
|
|
|
#
|
|
|
|
import os
|
|
|
|
import subprocess
|
|
|
|
import sys
|
2011-03-28 17:39:21 +02:00
|
|
|
import fcntl
|
2011-10-31 01:28:46 +01:00
|
|
|
import shutil
|
2013-02-25 13:42:36 +01:00
|
|
|
import time
|
2011-03-14 10:43:09 +01:00
|
|
|
|
|
|
|
from qubes.qubes import QubesVmCollection
|
|
|
|
from qubes.qubes import QubesException
|
|
|
|
from qubes.qubes import QubesDaemonPidfile
|
2012-06-24 14:09:43 +02:00
|
|
|
from qubes.qubes import QubesDispVmLabels
|
2011-03-14 10:43:09 +01:00
|
|
|
from qubes.qmemman_client import QMemmanClient
|
2014-06-04 02:47:04 +02:00
|
|
|
from qubes.notify import tray_notify,tray_notify_error,tray_notify_init
|
2011-03-14 10:43:09 +01:00
|
|
|
|
2013-03-14 14:45:45 +01:00
|
|
|
current_savefile = '/var/run/qubes/current-savefile'
|
|
|
|
current_dvm_conf = '/var/run/qubes/current-dvm.conf'
|
2011-03-14 10:43:09 +01:00
|
|
|
|
|
|
|
class QfileDaemonDvm:
|
|
|
|
def __init__(self, name):
|
|
|
|
self.name = name
|
|
|
|
|
|
|
|
def do_get_dvm(self):
|
|
|
|
qmemman_client = QMemmanClient()
|
|
|
|
if not qmemman_client.request_memory(400*1024*1024):
|
|
|
|
qmemman_client.close()
|
|
|
|
errmsg = 'Not enough memory to create DVM. '
|
|
|
|
errmsg +='Terminate some appVM and retry.'
|
2014-07-03 04:09:17 +02:00
|
|
|
tray_notify_error(errmsg)
|
2011-03-14 10:43:09 +01:00
|
|
|
return None
|
|
|
|
|
2014-07-02 02:31:05 +02:00
|
|
|
tray_notify("Starting new DispVM...", "red")
|
2012-07-12 03:44:41 +02:00
|
|
|
|
2011-03-14 10:43:09 +01:00
|
|
|
qvm_collection = QubesVmCollection()
|
|
|
|
qvm_collection.lock_db_for_writing()
|
|
|
|
qvm_collection.load()
|
|
|
|
|
|
|
|
vm = qvm_collection.get_vm_by_name(self.name)
|
|
|
|
if vm is None:
|
2011-07-09 17:56:40 +02:00
|
|
|
sys.stderr.write( 'Domain ' + self.name + ' does not exist ?')
|
2011-03-14 10:43:09 +01:00
|
|
|
qvm_collection.unlock_db()
|
|
|
|
qmemman_client.close()
|
|
|
|
return None
|
2012-06-24 14:09:43 +02:00
|
|
|
label = vm.label
|
|
|
|
if len(sys.argv) > 4 and len(sys.argv[4]) > 0:
|
|
|
|
assert sys.argv[4] in QubesDispVmLabels.keys(), "Invalid label"
|
|
|
|
label = QubesDispVmLabels[sys.argv[4]]
|
2013-03-14 14:45:45 +01:00
|
|
|
print >>sys.stderr, "time=%s, starting qubes-restore" % (str(time.time()))
|
2013-03-14 15:06:19 +01:00
|
|
|
retcode = subprocess.call(['/usr/lib/qubes/qubes-restore',
|
2014-11-04 02:55:35 +01:00
|
|
|
'-s', current_savefile,
|
|
|
|
'-c', current_dvm_conf,
|
2012-11-13 04:02:49 +01:00
|
|
|
'-u', str(vm.default_user),
|
2014-11-04 02:55:35 +01:00
|
|
|
'--',
|
2012-06-24 14:09:43 +02:00
|
|
|
'-c', label.color,
|
2013-02-19 01:07:24 +01:00
|
|
|
'-i', label.icon_path,
|
2012-06-24 14:09:43 +02:00
|
|
|
'-l', str(label.index)])
|
2011-03-14 10:43:09 +01:00
|
|
|
qmemman_client.close()
|
|
|
|
if retcode != 0:
|
2014-05-15 18:35:01 +02:00
|
|
|
tray_notify_error('DisposableVM creation failed, see qubes-restore.log')
|
2011-03-14 10:43:09 +01:00
|
|
|
qvm_collection.unlock_db()
|
|
|
|
return None
|
2013-03-14 14:45:45 +01:00
|
|
|
f = open('/var/run/qubes/dispVM.xid', 'r');
|
2011-03-14 10:43:09 +01:00
|
|
|
disp_xid = f.readline().rstrip('\n')
|
|
|
|
disp_name = f.readline().rstrip('\n')
|
|
|
|
disptempl = f.readline().rstrip('\n')
|
|
|
|
f.close()
|
2013-02-25 06:48:29 +01:00
|
|
|
print >>sys.stderr, "time=%s, adding to qubes.xml" % (str(time.time()))
|
2011-03-14 10:43:09 +01:00
|
|
|
vm_disptempl = qvm_collection.get_vm_by_name(disptempl);
|
|
|
|
if vm_disptempl is None:
|
|
|
|
sys.stderr.write( 'Domain ' + disptempl + ' does not exist ?')
|
|
|
|
qvm_collection.unlock_db()
|
|
|
|
return None
|
2011-07-09 17:52:47 +02:00
|
|
|
dispid=int(disp_name[4:])
|
2013-01-16 23:49:24 +01:00
|
|
|
dispvm=qvm_collection.add_new_disposablevm(disp_name, vm_disptempl.template, label=label, dispid=dispid, netvm=vm_disptempl.netvm)
|
2011-10-31 01:28:46 +01:00
|
|
|
# By default inherit firewall rules from calling VM
|
|
|
|
if os.path.exists(vm.firewall_conf):
|
|
|
|
disp_firewall_conf = '/var/run/qubes/%s-firewall.xml' % disp_name
|
|
|
|
shutil.copy(vm.firewall_conf, disp_firewall_conf)
|
|
|
|
dispvm.firewall_conf = disp_firewall_conf
|
2012-06-24 14:09:43 +02:00
|
|
|
if len(sys.argv) > 5 and len(sys.argv[5]) > 0:
|
|
|
|
assert os.path.exists(sys.argv[5]), "Invalid firewall.conf location"
|
|
|
|
dispvm.firewall_conf = sys.argv[5]
|
2011-03-14 10:43:09 +01:00
|
|
|
qvm_collection.save()
|
|
|
|
qvm_collection.unlock_db()
|
2011-07-09 17:54:23 +02:00
|
|
|
# Reload firewall rules
|
2013-02-25 06:48:29 +01:00
|
|
|
print >>sys.stderr, "time=%s, reloading firewall" % (str(time.time()))
|
2011-07-09 17:54:23 +02:00
|
|
|
for vm in qvm_collection.values():
|
|
|
|
if vm.is_proxyvm() and vm.is_running():
|
|
|
|
vm.write_iptables_xenstore_entry()
|
2011-03-14 10:43:09 +01:00
|
|
|
|
|
|
|
return disp_name
|
|
|
|
|
|
|
|
def dvm_setup_ok(self):
|
|
|
|
dvmdata_dir = '/var/lib/qubes/dvmdata/'
|
|
|
|
if not os.path.isfile(current_savefile):
|
|
|
|
return False
|
2013-03-14 14:45:45 +01:00
|
|
|
if not os.path.isfile(dvmdata_dir+'default-savefile') or not os.path.isfile(dvmdata_dir+'savefile-root'):
|
2011-03-14 10:43:09 +01:00
|
|
|
return False
|
|
|
|
dvm_mtime = os.stat(current_savefile).st_mtime
|
2013-03-14 14:45:45 +01:00
|
|
|
root_mtime = os.stat(dvmdata_dir+'savefile-root').st_mtime
|
2011-03-14 10:43:09 +01:00
|
|
|
if dvm_mtime < root_mtime:
|
2014-03-28 04:27:51 +01:00
|
|
|
template_name = os.path.basename(os.path.dirname(os.readlink(dvmdata_dir+'savefile-root')))
|
|
|
|
if subprocess.call(["xl", "domid", template_name]) == 0:
|
2014-07-02 02:31:05 +02:00
|
|
|
tray_notify("For optimum performance, you should not "
|
|
|
|
"start DispVM when its template is running.", "red")
|
2011-03-14 10:43:09 +01:00
|
|
|
return False
|
|
|
|
return True
|
|
|
|
|
|
|
|
def get_dvm(self):
|
|
|
|
if not self.dvm_setup_ok():
|
2013-03-14 15:06:19 +01:00
|
|
|
if os.system("/usr/lib/qubes/qubes-update-dispvm-savefile-with-progress.sh >/dev/null </dev/null" ) != 0:
|
2014-06-04 02:47:04 +02:00
|
|
|
tray_notify_error("DVM savefile creation failed")
|
2011-03-14 10:43:09 +01:00
|
|
|
return None
|
|
|
|
return self.do_get_dvm()
|
|
|
|
|
|
|
|
def remove_disposable_from_qdb(self, name):
|
|
|
|
qvm_collection = QubesVmCollection()
|
|
|
|
qvm_collection.lock_db_for_writing()
|
|
|
|
qvm_collection.load()
|
|
|
|
vm = qvm_collection.get_vm_by_name(name)
|
|
|
|
if vm is None:
|
|
|
|
qvm_collection.unlock_db()
|
|
|
|
return False
|
|
|
|
qvm_collection.pop(vm.qid)
|
|
|
|
qvm_collection.save()
|
|
|
|
qvm_collection.unlock_db()
|
|
|
|
|
|
|
|
def main():
|
|
|
|
global notify_object
|
2011-07-06 12:32:20 +02:00
|
|
|
exec_index = sys.argv[1]
|
|
|
|
src_vmname = sys.argv[2]
|
2011-07-06 18:34:00 +02:00
|
|
|
user = sys.argv[3]
|
2012-06-24 14:09:43 +02:00
|
|
|
#accessed directly by get_dvm()
|
|
|
|
# sys.argv[4] - override label
|
|
|
|
# sys.argv[5] - override firewall
|
2011-07-06 18:34:00 +02:00
|
|
|
|
2013-02-25 06:48:29 +01:00
|
|
|
print >>sys.stderr, "time=%s, qfile-daemon-dvm init" % (str(time.time()))
|
2014-06-04 02:47:04 +02:00
|
|
|
tray_notify_init()
|
2013-02-25 06:48:29 +01:00
|
|
|
print >>sys.stderr, "time=%s, creating DispVM" % (str(time.time()))
|
2011-07-06 12:32:20 +02:00
|
|
|
qfile = QfileDaemonDvm(src_vmname)
|
2011-03-28 17:39:21 +02:00
|
|
|
lockf = open("/var/run/qubes/qfile-daemon-dvm.lock", 'a')
|
2011-06-29 19:32:49 +02:00
|
|
|
fcntl.fcntl(lockf, fcntl.F_SETFD, fcntl.FD_CLOEXEC)
|
2011-03-28 17:39:21 +02:00
|
|
|
fcntl.flock(lockf, fcntl.LOCK_EX)
|
2011-03-14 10:43:09 +01:00
|
|
|
dispname = qfile.get_dvm()
|
2011-03-28 17:39:21 +02:00
|
|
|
lockf.close()
|
2011-03-14 10:43:09 +01:00
|
|
|
if dispname is not None:
|
2013-02-25 06:48:29 +01:00
|
|
|
print >>sys.stderr, "time=%s, starting VM process" % (str(time.time()))
|
2013-03-14 04:06:55 +01:00
|
|
|
subprocess.call(['/usr/lib/qubes/qrexec-client', '-d', dispname,
|
|
|
|
user+':exec /usr/lib/qubes/qubes-rpc-multiplexer ' + exec_index + " " + src_vmname])
|
2011-06-01 23:44:06 +02:00
|
|
|
subprocess.call(['/usr/sbin/xl', 'destroy', dispname])
|
2011-03-14 10:43:09 +01:00
|
|
|
qfile.remove_disposable_from_qdb(dispname)
|
|
|
|
|
|
|
|
main()
|
2011-06-01 23:44:06 +02:00
|
|
|
|