qrexec: use $anyvm and $dispvm symbols
This commit is contained in:
Rafal Wojtczuk
Marek Marczykowski
parent
73ec4f595b
commit
259d08a83e
@ -1 +1 @@
|
|||||||
anyvm anyvm ask,user=root
|
$anyvm $anyvm ask,user=root
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
anyvm dispvm allow
|
$anyvm $dispvm allow
|
||||||
anyvm anyvm ask
|
$anyvm $anyvm ask
|
||||||
|
|||||||
@ -25,4 +25,4 @@ if ! [ $# = 1 ] ; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
exec /usr/lib/qubes/qrexec_client_vm dispvm qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$1"
|
exec /usr/lib/qubes/qrexec_client_vm '$dispvm' qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$1"
|
||||||
|
|||||||
@ -1 +1 @@
|
|||||||
anyvm dom0 allow
|
$anyvm dom0 allow
|
||||||
|
|||||||
@ -1 +1 @@
|
|||||||
anyvm dom0 allow
|
$anyvm dom0 allow
|
||||||
|
|||||||
@ -372,7 +372,7 @@ void sanitize_name(char * untrusted_s_signed)
|
|||||||
continue;
|
continue;
|
||||||
if (*untrusted_s >= '0' && *untrusted_s <= '9')
|
if (*untrusted_s >= '0' && *untrusted_s <= '9')
|
||||||
continue;
|
continue;
|
||||||
if (*untrusted_s == '_' || *untrusted_s == '-' || *untrusted_s == '.' || *untrusted_s == ' ')
|
if (*untrusted_s == '$' || *untrusted_s == '_' || *untrusted_s == '-' || *untrusted_s == '.' || *untrusted_s == ' ')
|
||||||
continue;
|
continue;
|
||||||
*untrusted_s = '_';
|
*untrusted_s = '_';
|
||||||
}
|
}
|
||||||
|
|||||||
@ -40,7 +40,7 @@ def read_policy_file(exec_index):
|
|||||||
return policy_list
|
return policy_list
|
||||||
|
|
||||||
def is_match(item, config_term):
|
def is_match(item, config_term):
|
||||||
return (item is not "dom0" and config_term == "anyvm") or item == config_term
|
return (item is not "dom0" and config_term == "$anyvm") or item == config_term
|
||||||
|
|
||||||
def get_default_policy():
|
def get_default_policy():
|
||||||
dict={}
|
dict={}
|
||||||
@ -76,7 +76,7 @@ def spawn_target_if_necessary(target):
|
|||||||
def do_execute(domain, target, user, exec_index, process_ident):
|
def do_execute(domain, target, user, exec_index, process_ident):
|
||||||
if target == "dom0":
|
if target == "dom0":
|
||||||
cmd="/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain
|
cmd="/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain
|
||||||
elif target == "dispvm":
|
elif target == "$dispvm":
|
||||||
cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain + " " +user
|
cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain + " " +user
|
||||||
else:
|
else:
|
||||||
# see the previous commit why "qvm-run -a" is broken and dangerous
|
# see the previous commit why "qvm-run -a" is broken and dangerous
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user