Store firewal rules in Python data structure
This commit is contained in:
parent
aa536fdbda
commit
0c1b6ca4b0
@ -1207,25 +1207,77 @@ class QubesAppVm(QubesVm):
|
|||||||
def create_appmenus(self, verbose):
|
def create_appmenus(self, verbose):
|
||||||
subprocess.check_call ([qubes_appmenu_create_cmd, self.template_vm.appmenus_templates_dir, self.name])
|
subprocess.check_call ([qubes_appmenu_create_cmd, self.template_vm.appmenus_templates_dir, self.name])
|
||||||
|
|
||||||
def write_firewall_conf(self, xml):
|
def write_firewall_conf(self, conf):
|
||||||
|
root = xml.etree.ElementTree.Element(
|
||||||
|
"QubesFirwallRules",
|
||||||
|
policy="allow" if conf["allow"] else "deny"
|
||||||
|
)
|
||||||
|
|
||||||
|
for rule in conf["rules"]:
|
||||||
|
element = xml.etree.ElementTree.Element(
|
||||||
|
"allow" if rule["allow"] else "deny",
|
||||||
|
name=rule["name"],
|
||||||
|
address=rule["address"],
|
||||||
|
netmask=str(rule["netmask"]),
|
||||||
|
port=str(rule["portBegin"]),
|
||||||
|
)
|
||||||
|
if rule["portEnd"] is not None:
|
||||||
|
element.set("toport", str(rule["portEnd"]))
|
||||||
|
root.append(element)
|
||||||
|
|
||||||
|
tree = xml.etree.ElementTree.ElementTree(root)
|
||||||
|
|
||||||
|
try:
|
||||||
f = open(self.firewall_conf, 'a') # create the file if not exist
|
f = open(self.firewall_conf, 'a') # create the file if not exist
|
||||||
f.close()
|
f.close()
|
||||||
|
|
||||||
with open(self.firewall_conf, 'w') as f:
|
with open(self.firewall_conf, 'w') as f:
|
||||||
fcntl.lockf(f, fcntl.LOCK_EX)
|
fcntl.lockf(f, fcntl.LOCK_EX)
|
||||||
xml.write(f, "UTF-8")
|
tree.write(f, "UTF-8")
|
||||||
fcntl.lockf(f, fcntl.LOCK_UN)
|
fcntl.lockf(f, fcntl.LOCK_UN)
|
||||||
f.close()
|
f.close()
|
||||||
|
except EnvironmentError as err:
|
||||||
|
print "{0}: save error: {1}".format(
|
||||||
|
os.path.basename(sys.argv[0]), err)
|
||||||
|
return False
|
||||||
|
|
||||||
|
return True
|
||||||
|
|
||||||
def get_firewall_conf(self):
|
def get_firewall_conf(self):
|
||||||
|
conf = { "allow": True, "rules": list() }
|
||||||
|
|
||||||
try:
|
try:
|
||||||
tree = xml.etree.ElementTree.parse(self.firewall_conf)
|
tree = xml.etree.ElementTree.parse(self.firewall_conf)
|
||||||
except (EnvironmentError,
|
root = tree.getroot()
|
||||||
xml.parsers.expat.ExpatError) as err:
|
|
||||||
|
for element in root:
|
||||||
|
rule = { "allow": element.tag=="allow" }
|
||||||
|
|
||||||
|
attr_list = ("name", "address", "netmask", "port", "toport")
|
||||||
|
|
||||||
|
for attribute in attr_list:
|
||||||
|
rule[attribute] = element.get(attribute)
|
||||||
|
|
||||||
|
rule["netmask"] = int(rule["netmask"])
|
||||||
|
rule["portBegin"] = int(rule["port"])
|
||||||
|
if rule["toport"] is not None:
|
||||||
|
rule["portEnd"] = int(rule["toport"])
|
||||||
|
else:
|
||||||
|
rule["portEnd"] = None
|
||||||
|
del(rule["port"])
|
||||||
|
del(rule["toport"])
|
||||||
|
|
||||||
|
conf["rules"].append(rule)
|
||||||
|
|
||||||
|
except (EnvironmentError) as err:
|
||||||
|
return conf
|
||||||
|
except (xml.parsers.expat.ExpatError,
|
||||||
|
ValueError, LookupError) as err:
|
||||||
print("{0}: load error: {1}".format(
|
print("{0}: load error: {1}".format(
|
||||||
os.path.basename(sys.argv[0]), err))
|
os.path.basename(sys.argv[0]), err))
|
||||||
return None
|
return None
|
||||||
|
|
||||||
return tree.getroot()
|
return conf
|
||||||
|
|
||||||
def get_disk_utilization_root_img(self):
|
def get_disk_utilization_root_img(self):
|
||||||
return 0
|
return 0
|
||||||
|
Loading…
Reference in New Issue
Block a user