Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'woju/devel-adminext' into core3-devel

Browse Source
This commit is contained in:
Marek Marczykowski-Górecki 2017-06-23 10:34:11 +02:00
commit 26013122a0
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
3 changed files with 38 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
qubes/ext/admin.py Normal file
View File

@ -0,0 +1,36 @@
# -*- encoding: utf8 -*-
#
# The Qubes OS Project, http://www.qubes-os.org
#
# Copyright (C) 2017 Wojtek Porczyk <woju@invisiblethingslab.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, see <http://www.gnu.org/licenses/>.
import qubes.api
import qubes.ext
class AdminExtension(qubes.ext.Extension):
# pylint: disable=too-few-public-methods
@qubes.ext.handler(
'mgmt-permission:admin.vm.tag.Set',
'mgmt-permission:admin.vm.tag.Remove')
def on_tag_set_or_remove(self, vm, event, arg, **kwargs):
'''Forbid changing specific tags'''
# pylint: disable=no-self-use,unused-argument
if arg.startswith('created-by-'):
raise qubes.api.PermissionDenied(
'changing this tag is prohibited by {}.{}'.format(
__name__, type(self).__name__))
# TODO create that tag here (need to figure out how to pass mgmtvm name)

1
rpm_spec/core-dom0.spec
View File

@ -285,6 +285,7 @@ fi
%dir %{python3_sitelib}/qubes/ext/__pycache__
%{python3_sitelib}/qubes/ext/__pycache__/*
%{python3_sitelib}/qubes/ext/__init__.py
%{python3_sitelib}/qubes/ext/admin.py
%{python3_sitelib}/qubes/ext/block.py
%{python3_sitelib}/qubes/ext/core_features.py
%{python3_sitelib}/qubes/ext/gui.py

1
setup.py
View File

@ -43,6 +43,7 @@ if __name__ == '__main__':
'DispVM = qubes.vm.dispvm:DispVM',
],
'qubes.ext': [
'qubes.ext.admin = qubes.ext.admin:AdminExtension',
'qubes.ext.core_features = qubes.ext.core_features:CoreFeatures',
'qubes.ext.qubesmanager = qubes.ext.qubesmanager:QubesManager',
'qubes.ext.gui = qubes.ext.gui:GUI',