The Underscores Revolution: xenstore paths
parent
4dbe0e0210
commit
1cbb17cb2b
@ -36,15 +36,15 @@ if [ "$ID" = "" ] ; then
|
|||||||
fi
|
fi
|
||||||
echo "Waiting for DVM domainid=$ID ..."
|
echo "Waiting for DVM domainid=$ID ..."
|
||||||
if [ -n "$ENCODED_SCRIPT" ] ; then
|
if [ -n "$ENCODED_SCRIPT" ] ; then
|
||||||
xenstore-write /local/domain/$ID/qubes_save_script "$ENCODED_SCRIPT"
|
xenstore-write /local/domain/$ID/qubes-save-script "$ENCODED_SCRIPT"
|
||||||
fi
|
fi
|
||||||
#set -x
|
#set -x
|
||||||
xenstore-write /local/domain/$ID/qubes_save_request 1
|
xenstore-write /local/domain/$ID/qubes-save-request 1
|
||||||
xenstore-watch-qubes /local/domain/$ID/device/qubes_used_mem
|
xenstore-watch-qubes /local/domain/$ID/device/qubes-used-mem
|
||||||
xenstore-read /local/domain/$ID/qubes_gateway | \
|
xenstore-read /local/domain/$ID/qubes-gateway | \
|
||||||
cut -d . -f 3 | tr -d "\n" > $VMDIR/netvm_id.txt
|
cut -d . -f 3 | tr -d "\n" > $VMDIR/netvm_id.txt
|
||||||
xl block-detach $1 xvdb
|
xl block-detach $1 xvdb
|
||||||
MEM=$(xenstore-read /local/domain/$ID/device/qubes_used_mem)
|
MEM=$(xenstore-read /local/domain/$ID/device/qubes-used-mem)
|
||||||
echo "DVM boot complete, memory used=$MEM. Saving image..."
|
echo "DVM boot complete, memory used=$MEM. Saving image..."
|
||||||
QMEMMAN_STOP=/var/run/qubes/do-not-membalance
|
QMEMMAN_STOP=/var/run/qubes/do-not-membalance
|
||||||
touch $QMEMMAN_STOP
|
touch $QMEMMAN_STOP
|
||||||
|
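Review bot: The wait at `xenstore-watch-qubes /local/domain/$ID/device/qubes-used-mem` now depends on the DVM side writing the hyphenated key, and nothing visible here bounds the wait or checks which naming the guest uses. If the template's agent still writes `qubes_used_mem` (the VM-side writer is not on this page, so this is inferred), the script would presumably block at that line and never reach the later `xenstore-read` of the same key. I would add a comment above the watch, for example `# requires a VM agent that uses hyphenated xenstore keys (qubes-save-request, qubes-used-mem)`. The same dom0/guest coupling applies to the keys written in the `setup_xenstore` hunk, such as `qubes-restore-complete`. The script continues outside this hunk.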
@ -369,15 +369,15 @@ void setup_xenstore(int netvm_id, int domid, int dvmid, char *name)
|
|||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
write_xs_single(xs, domid, "qubes_ip",
|
write_xs_single(xs, domid, "qubes-ip",
|
||||||
build_dvm_ip(netvm_id, dvmid));
|
build_dvm_ip(netvm_id, dvmid));
|
||||||
write_xs_single(xs, domid, "qubes_netmask", "255.255.0.0");
|
write_xs_single(xs, domid, "qubes-netmask", "255.255.0.0");
|
||||||
snprintf(val, sizeof(val), "10.137.%d.1", netvm_id);
|
snprintf(val, sizeof(val), "10.137.%d.1", netvm_id);
|
||||||
write_xs_single(xs, domid, "qubes_gateway", val);
|
write_xs_single(xs, domid, "qubes-gateway", val);
|
||||||
snprintf(val, sizeof(val), "10.137.%d.254", netvm_id);
|
snprintf(val, sizeof(val), "10.137.%d.254", netvm_id);
|
||||||
write_xs_single(xs, domid, "qubes_secondary_dns", val);
|
write_xs_single(xs, domid, "qubes-secondary-dns", val);
|
||||||
write_xs_single(xs, domid, "qubes_vm_type", "DisposableVM");
|
write_xs_single(xs, domid, "qubes-vm-type", "DisposableVM");
|
||||||
write_xs_single(xs, domid, "qubes_restore_complete", "True");
|
write_xs_single(xs, domid, "qubes-restore-complete", "True");
|
||||||
|
|
||||||
perm[0].id = domid;
|
perm[0].id = domid;
|
||||||
perm[0].perms = XS_PERM_NONE;
|
perm[0].perms = XS_PERM_NONE;
|
||||||
|
@ -883,33 +883,33 @@ class QubesVm(object):
|
|||||||
|
|
||||||
# Set Xen Store entires with VM networking info:
|
# Set Xen Store entires with VM networking info:
|
||||||
|
|
||||||
xs.write('', "{0}/qubes_vm_type".format(domain_path),
|
xs.write('', "{0}/qubes-vm-type".format(domain_path),
|
||||||
self.type)
|
self.type)
|
||||||
xs.write('', "{0}/qubes_vm_updateable".format(domain_path),
|
xs.write('', "{0}/qubes-vm-updateable".format(domain_path),
|
||||||
str(self.updateable))
|
str(self.updateable))
|
||||||
|
|
||||||
if self.is_netvm():
|
if self.is_netvm():
|
||||||
xs.write('',
|
xs.write('',
|
||||||
"{0}/qubes_netvm_gateway".format(domain_path),
|
"{0}/qubes-netvm-gateway".format(domain_path),
|
||||||
self.gateway)
|
self.gateway)
|
||||||
xs.write('',
|
xs.write('',
|
||||||
"{0}/qubes_netvm_secondary_dns".format(domain_path),
|
"{0}/qubes-netvm-secondary-dns".format(domain_path),
|
||||||
self.secondary_dns)
|
self.secondary_dns)
|
||||||
xs.write('',
|
xs.write('',
|
||||||
"{0}/qubes_netvm_netmask".format(domain_path),
|
"{0}/qubes-netvm-netmask".format(domain_path),
|
||||||
self.netmask)
|
self.netmask)
|
||||||
xs.write('',
|
xs.write('',
|
||||||
"{0}/qubes_netvm_network".format(domain_path),
|
"{0}/qubes-netvm-network".format(domain_path),
|
||||||
self.network)
|
self.network)
|
||||||
|
|
||||||
if self.netvm is not None:
|
if self.netvm is not None:
|
||||||
xs.write('', "{0}/qubes_ip".format(domain_path), self.ip)
|
xs.write('', "{0}/qubes-ip".format(domain_path), self.ip)
|
||||||
xs.write('', "{0}/qubes_netmask".format(domain_path),
|
xs.write('', "{0}/qubes-netmask".format(domain_path),
|
||||||
self.netvm.netmask)
|
self.netvm.netmask)
|
||||||
xs.write('', "{0}/qubes_gateway".format(domain_path),
|
xs.write('', "{0}/qubes-gateway".format(domain_path),
|
||||||
self.netvm.gateway)
|
self.netvm.gateway)
|
||||||
xs.write('',
|
xs.write('',
|
||||||
"{0}/qubes_secondary_dns".format(domain_path),
|
"{0}/qubes-secondary-dns".format(domain_path),
|
||||||
self.netvm.secondary_dns)
|
self.netvm.secondary_dns)
|
||||||
|
|
||||||
tzname = self.get_timezone()
|
tzname = self.get_timezone()
|
||||||
@ -1935,7 +1935,7 @@ class QubesNetVm(QubesVm):
|
|||||||
|
|
||||||
|
|
||||||
super(QubesNetVm, self).create_xenstore_entries(xid)
|
super(QubesNetVm, self).create_xenstore_entries(xid)
|
||||||
xs.write('', "/local/domain/{0}/qubes_netvm_external_ip".format(xid), '')
|
xs.write('', "/local/domain/{0}/qubes-netvm-external-ip".format(xid), '')
|
||||||
self.update_external_ip_permissions(xid)
|
self.update_external_ip_permissions(xid)
|
||||||
|
|
||||||
def update_external_ip_permissions(self, xid = -1):
|
def update_external_ip_permissions(self, xid = -1):
|
||||||
@ -1946,7 +1946,7 @@ class QubesNetVm(QubesVm):
|
|||||||
|
|
||||||
command = [
|
command = [
|
||||||
"/usr/bin/xenstore-chmod",
|
"/usr/bin/xenstore-chmod",
|
||||||
"/local/domain/{0}/qubes_netvm_external_ip".format(xid)
|
"/local/domain/{0}/qubes-netvm-external-ip".format(xid)
|
||||||
]
|
]
|
||||||
|
|
||||||
command.append("n{0}".format(xid))
|
command.append("n{0}".format(xid))
|
||||||
@ -2093,8 +2093,8 @@ class QubesProxyVm(QubesNetVm):
|
|||||||
|
|
||||||
|
|
||||||
super(QubesProxyVm, self).create_xenstore_entries(xid)
|
super(QubesProxyVm, self).create_xenstore_entries(xid)
|
||||||
xs.write('', "/local/domain/{0}/qubes_iptables_error".format(xid), '')
|
xs.write('', "/local/domain/{0}/qubes-iptables-error".format(xid), '')
|
||||||
xs.set_permissions('', "/local/domain/{0}/qubes_iptables_error".format(xid),
|
xs.set_permissions('', "/local/domain/{0}/qubes-iptables-error".format(xid),
|
||||||
[{ 'dom': xid, 'write': True }])
|
[{ 'dom': xid, 'write': True }])
|
||||||
self.write_iptables_xenstore_entry()
|
self.write_iptables_xenstore_entry()
|
||||||
|
|
||||||
@ -2106,13 +2106,13 @@ class QubesProxyVm(QubesNetVm):
|
|||||||
xid = self.get_xid()
|
xid = self.get_xid()
|
||||||
|
|
||||||
if self.netvm is None:
|
if self.netvm is None:
|
||||||
xs.write('', "/local/domain/{0}/qubes_netvm_domid".format(xid), '')
|
xs.write('', "/local/domain/{0}/qubes-netvm-domid".format(xid), '')
|
||||||
else:
|
else:
|
||||||
xs.write('', "/local/domain/{0}/qubes_netvm_domid".format(xid),
|
xs.write('', "/local/domain/{0}/qubes-netvm-domid".format(xid),
|
||||||
"{0}".format(self.netvm.get_xid()))
|
"{0}".format(self.netvm.get_xid()))
|
||||||
|
|
||||||
def write_iptables_xenstore_entry(self):
|
def write_iptables_xenstore_entry(self):
|
||||||
xs.rm('', "/local/domain/{0}/qubes_iptables_domainrules".format(self.get_xid()))
|
xs.rm('', "/local/domain/{0}/qubes-iptables-domainrules".format(self.get_xid()))
|
||||||
iptables = "# Generated by Qubes Core on {0}\n".format(datetime.now().ctime())
|
iptables = "# Generated by Qubes Core on {0}\n".format(datetime.now().ctime())
|
||||||
iptables += "*filter\n"
|
iptables += "*filter\n"
|
||||||
iptables += ":INPUT DROP [0:0]\n"
|
iptables += ":INPUT DROP [0:0]\n"
|
||||||
@ -2132,7 +2132,7 @@ class QubesProxyVm(QubesNetVm):
|
|||||||
# Deny inter-VMs networking
|
# Deny inter-VMs networking
|
||||||
iptables += "-A FORWARD -i vif+ -o vif+ -j DROP\n"
|
iptables += "-A FORWARD -i vif+ -o vif+ -j DROP\n"
|
||||||
iptables += "COMMIT\n"
|
iptables += "COMMIT\n"
|
||||||
xs.write('', "/local/domain/{0}/qubes_iptables_header".format(self.get_xid()), iptables)
|
xs.write('', "/local/domain/{0}/qubes-iptables-header".format(self.get_xid()), iptables)
|
||||||
|
|
||||||
vms = [vm for vm in self.connected_vms.values()]
|
vms = [vm for vm in self.connected_vms.values()]
|
||||||
for vm in vms:
|
for vm in vms:
|
||||||
@ -2186,13 +2186,13 @@ class QubesProxyVm(QubesNetVm):
|
|||||||
|
|
||||||
iptables += "-A FORWARD -s {0} -j {1}\n".format(ip, default_action)
|
iptables += "-A FORWARD -s {0} -j {1}\n".format(ip, default_action)
|
||||||
iptables += "COMMIT\n"
|
iptables += "COMMIT\n"
|
||||||
xs.write('', "/local/domain/"+str(self.get_xid())+"/qubes_iptables_domainrules/"+str(xid), iptables)
|
xs.write('', "/local/domain/"+str(self.get_xid())+"/qubes-iptables-domainrules/"+str(xid), iptables)
|
||||||
# no need for ending -A FORWARD -j DROP, cause default action is DROP
|
# no need for ending -A FORWARD -j DROP, cause default action is DROP
|
||||||
|
|
||||||
self.write_netvm_domid_entry()
|
self.write_netvm_domid_entry()
|
||||||
|
|
||||||
self.rules_applied = None
|
self.rules_applied = None
|
||||||
xs.write('', "/local/domain/{0}/qubes_iptables".format(self.get_xid()), 'reload')
|
xs.write('', "/local/domain/{0}/qubes-iptables".format(self.get_xid()), 'reload')
|
||||||
|
|
||||||
class QubesDom0NetVm(QubesNetVm):
|
class QubesDom0NetVm(QubesNetVm):
|
||||||
def __init__(self, **kwargs):
|
def __init__(self, **kwargs):
|
||||||
|
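Review bot: In `write_iptables_xenstore_entry` the cleanup `xs.rm(...)` now targets only `qubes-iptables-domainrules`, so rule entries written earlier under `qubes_iptables_domainrules` are no longer removed for a ProxyVM that was already running when dom0 picked up this change. The firewall rules and the `'reload'` trigger both travel through these keys, so a VM-side agent still watching the old names (not visible here, so inferred) would keep enforcing its last rule set with no error reaching dom0. Consider also removing the legacy node next to the existing call, `xs.rm('', "/local/domain/{0}/qubes_iptables_domainrules".format(self.get_xid()))`, guarded if `xs.rm` raises on a missing path. A comment there should state that these key names must match the VM-side firewall agent. The method bodies start and end outside the hunks shown.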