Rename and fix from Marek's comments

This commit is contained in:
Frédéric Pierret (fepitre) 2019-05-07 13:54:29 +02:00
parent eaba6e54ba
commit 1c09a2c77e
No known key found for this signature in database
GPG Key ID: 484010B5CDC576E2
5 changed files with 26 additions and 22 deletions

View File

@ -184,7 +184,7 @@ endif
cp qubes-rpc-policy/qubes.VMShell.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.VMShell cp qubes-rpc-policy/qubes.VMShell.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.VMShell
cp qubes-rpc-policy/qubes.UpdatesProxy.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.UpdatesProxy cp qubes-rpc-policy/qubes.UpdatesProxy.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.UpdatesProxy
cp qubes-rpc-policy/qubes.GetDate.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.GetDate cp qubes-rpc-policy/qubes.GetDate.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.GetDate
cp qubes-rpc-policy/admin.vm.Terminal.policy $(DESTDIR)/etc/qubes-rpc/policy/admin.vm.Terminal cp qubes-rpc-policy/admin.vm.Console.policy $(DESTDIR)/etc/qubes-rpc/policy/admin.vm.Console
cp qubes-rpc-policy/policy.RegisterArgument.policy $(DESTDIR)/etc/qubes-rpc/policy/policy.RegisterArgument cp qubes-rpc-policy/policy.RegisterArgument.policy $(DESTDIR)/etc/qubes-rpc/policy/policy.RegisterArgument
cp qubes-rpc/qubes.FeaturesRequest $(DESTDIR)/etc/qubes-rpc/ cp qubes-rpc/qubes.FeaturesRequest $(DESTDIR)/etc/qubes-rpc/
cp qubes-rpc/qubes.GetDate $(DESTDIR)/etc/qubes-rpc/ cp qubes-rpc/qubes.GetDate $(DESTDIR)/etc/qubes-rpc/
@ -196,13 +196,13 @@ endif
install -m 0755 qvm-tools/qubes-bug-report $(DESTDIR)/usr/bin/qubes-bug-report install -m 0755 qvm-tools/qubes-bug-report $(DESTDIR)/usr/bin/qubes-bug-report
install -m 0755 qvm-tools/qubes-hcl-report $(DESTDIR)/usr/bin/qubes-hcl-report install -m 0755 qvm-tools/qubes-hcl-report $(DESTDIR)/usr/bin/qubes-hcl-report
install -m 0755 qvm-tools/qvm-sync-clock $(DESTDIR)/usr/bin/qvm-sync-clock install -m 0755 qvm-tools/qvm-sync-clock $(DESTDIR)/usr/bin/qvm-sync-clock
install -m 0755 qvm-tools/qvm-terminal-dispvm $(DESTDIR)/usr/bin/qvm-terminal-dispvm install -m 0755 qvm-tools/qvm-console-dispvm $(DESTDIR)/usr/bin/qvm-console-dispvm
for method in $(ADMIN_API_METHODS_SIMPLE); do \ for method in $(ADMIN_API_METHODS_SIMPLE); do \
ln -s ../../usr/libexec/qubes/qubesd-query-fast \ ln -s ../../usr/libexec/qubes/qubesd-query-fast \
$(DESTDIR)/etc/qubes-rpc/$$method || exit 1; \ $(DESTDIR)/etc/qubes-rpc/$$method || exit 1; \
done done
install qubes-rpc/admin.vm.volume.Import $(DESTDIR)/etc/qubes-rpc/ install qubes-rpc/admin.vm.volume.Import $(DESTDIR)/etc/qubes-rpc/
install qubes-rpc/admin.vm.Terminal $(DESTDIR)/etc/qubes-rpc/ install qubes-rpc/admin.vm.Console $(DESTDIR)/etc/qubes-rpc/
PYTHONPATH=.:test-packages qubes-rpc-policy/generate-admin-policy \ PYTHONPATH=.:test-packages qubes-rpc-policy/generate-admin-policy \
--destdir=$(DESTDIR)/etc/qubes-rpc/policy \ --destdir=$(DESTDIR)/etc/qubes-rpc/policy \
--exclude admin.vm.Create.AdminVM \ --exclude admin.vm.Create.AdminVM \

View File

@ -3,7 +3,7 @@
## Please use a single # to start your custom comments ## Please use a single # to start your custom comments
# WARNING: The qubes.ShowTerminal service is dangerous and allows any # WARNING: The admin.vm.Console service is dangerous and allows any
# qube to access any other qube console. It should be restricted # qube to access any other qube console. It should be restricted
# only to management/admin qubes. This is why the default policy is 'deny' # only to management/admin qubes. This is why the default policy is 'deny'

22
qvm-tools/qvm-console-dispvm Executable file
View File

@ -0,0 +1,22 @@
#!/bin/bash
print_usage() {
cat >&2 << USAGE
Usage: $0 vmname
Connects to VM console throught DispVM using the qubes.ShowInTerminal RPC service.
USAGE
}
if [ $# -lt 1 ]; then
print_usage
exit 1
fi
QREXEC_REQUESTED_TARGET="$1"
qvm-check --quiet --running "$QREXEC_REQUESTED_TARGET" > /dev/null 2>&1 || { echo "Error: domain '$QREXEC_REQUESTED_TARGET' does not exist or is not running"; exit 1; }
DISPVM="$(qvm-prefs "$QREXEC_REQUESTED_TARGET" management_dispvm)"
[[ "x$DISPVM" == "x" ]] && { echo "Error: cannot determine default DispVM to use"; exit 1; }
sudo qvm-run -p --localcmd="QREXEC_REQUESTED_TARGET=$QREXEC_REQUESTED_TARGET /etc/qubes-rpc/admin.vm.Console" --service --dispvm="$DISPVM" -- qubes.ShowInTerminal

View File

@ -1,18 +0,0 @@
#!/bin/bash
print_usage() {
cat >&2 << USAGE
Usage: $0 vmname
Connects to VM console throught DispVM using the admin.vm.TerminalDispVM RPC service.
USAGE
}
if [ $# -lt 1 ]; then
print_usage
exit 1
fi
QREXEC_REQUESTED_TARGET="$1"
qvm-check --quiet "$QREXEC_REQUESTED_TARGET" > /dev/null 2>&1 || { echo "Error: no such domain: '$QREXEC_REQUESTED_TARGET'"; exit 1; }
sudo qvm-run -p --localcmd="QREXEC_REQUESTED_TARGET=$QREXEC_REQUESTED_TARGET /etc/qubes-rpc/admin.vm.Terminal" --service --dispvm="$(qubes-prefs management_dispvm)" -- admin.vm.TerminalDispVM