core: fix handling firewall configuration for VM clones and DispVMs (#1032)

There were two bugs:
1. Firewall configuration wasn't copied during qvm-clone (it is in
   separate file, so now it is included in vm.clone_disk_files).
2. Non-default firewall configuration wasn't stored in qubes.xml. This
   means that initially DispVM got proper configuration (inherited from
   calling VM), but if anything caused firewall reload (for example
   starting another VM), the firewall rules was cleared to default state
   (allow all).

Fixes qubesos/qubes-issues#1032
This commit is contained in:
Marek Marczykowski-Górecki 2015-07-08 04:42:58 +02:00
parent a7e08e4584
commit 1199806b5a

View File

@ -196,7 +196,7 @@ class QubesVm(object):
'backup_content', 'backup_size', 'backup_path' ]: 'backup_content', 'backup_size', 'backup_path' ]:
attrs[prop]['save'] = lambda prop=prop: str(getattr(self, prop)) attrs[prop]['save'] = lambda prop=prop: str(getattr(self, prop))
# Simple paths # Simple paths
for prop in ['conf_file']: for prop in ['conf_file', 'firewall_conf']:
attrs[prop]['save'] = \ attrs[prop]['save'] = \
lambda prop=prop: self.relative_path(getattr(self, prop)) lambda prop=prop: self.relative_path(getattr(self, prop))
attrs[prop]['save_skip'] = \ attrs[prop]['save_skip'] = \
@ -1246,6 +1246,9 @@ class QubesVm(object):
print >> sys.stderr, "--> Copying icon: {0} -> {1}".format(src_vm.icon_path, self.icon_path) print >> sys.stderr, "--> Copying icon: {0} -> {1}".format(src_vm.icon_path, self.icon_path)
shutil.copy(src_vm.icon_path, self.icon_path) shutil.copy(src_vm.icon_path, self.icon_path)
if src_vm.has_firewall():
self.write_firewall_conf(src_vm.get_firewall_conf())
# Make sure that we have UUID allocated # Make sure that we have UUID allocated
self._update_libvirt_domain() self._update_libvirt_domain()