dom0+vm: introduce 'qubes-service' xenstore dir - enable/disable VM services from dom0

This allows control which services are started in VM by dom0. For some situation vm_type was used, but it isn't enough - i.e. ntpd should be started in one, selected NetVM.
2011-10-01 02:49:25 +02:00 · 2011-10-01 02:49:25 +02:00 · 287da572e9
commit 287da572e9
parent d456ec4575
5 changed files with 38 additions and 15 deletions
--- a/appvm/qubes_core_appvm
+++ b/appvm/qubes_core_appvm
@ -30,9 +30,17 @@ start()
 		# This script runs only on AppVMs
 		return 0
 	fi
-    
+
 	# Start AppVM specific services
-	/sbin/service cups start
+	start_cups=$(/usr/bin/xenstore-read qubes-service/cups 2> /dev/null)
+	if [ "$start_cups" != "0" ]; then
+		/sbin/service cups start
+		# Allow also notification icon
+		sed -i -e '/^NotShowIn=.*QUBES/s/;QUBES//' /etc/xdg/autostart/print-applet.desktop
+	else
+		# Disable notification icon
+		sed -i -e '/QUBES/!s/^NotShowIn=.*/\1QUBES;/' /etc/xdg/autostart/print-applet.desktop
+	fi

 	echo -n $"Executing Qubes Core scripts for AppVM:"

@ -52,9 +60,12 @@ start()
 		echo Back to life.
 	fi

-	MEM_CHANGE_THRESHOLD_KB=30000
-	MEMINFO_DELAY_USEC=100000
-	/usr/lib/qubes/meminfo-writer $MEM_CHANGE_THRESHOLD_KB $MEMINFO_DELAY_USEC &
+	start_meminfo_writer=$(/usr/bin/xenstore-read qubes-service/meminfo-writer)
+	if [ "$start_meminfo_writer" != "0" ]; then
+		MEM_CHANGE_THRESHOLD_KB=30000
+		MEMINFO_DELAY_USEC=100000
+		/usr/lib/qubes/meminfo-writer $MEM_CHANGE_THRESHOLD_KB $MEMINFO_DELAY_USEC &
+	fi

 	success
 	echo ""
--- a/common/qubes_core
+++ b/common/qubes_core
@ -77,8 +77,8 @@ start()
 	success
 	echo ""

-	type=$(/usr/bin/xenstore-read qubes_vm_type)
-	if [ "$type" == "ProxyVM" ]; then
+	start_ntpd=$(/usr/bin/xenstore-read qubes-service/ntpd 2> /dev/null)
+	if [ "$start_ntpd" == "1" ]; then
 		/sbin/service ntpd start
 	fi
 	return 0
--- a/dom0/qvm-core/qubes.py
+++ b/dom0/qvm-core/qubes.py
@ -204,7 +204,8 @@ class QubesVm(object):
                 kernel = None,
                 uses_default_kernel = True,
                 kernelopts = "",
-                 uses_default_kernelopts = True):
+                 uses_default_kernelopts = True,
+                 services = None):


        assert qid < qubes_max_qid, "VM id out of bounds!"
@ -325,6 +326,10 @@ class QubesVm(object):
        else:
            self.kernelopts = kernelopts

+        self.services = {}
+        if services is not None:
+            self.services = eval(str(services))
+
        # Internal VM (not shown in qubes-manager, doesn't create appmenus entries
        self.internal = internal

@ -658,6 +663,11 @@ class QubesVm(object):
                    "{0}/qubes_secondary_dns".format(domain_path),
                    self.netvm_vm.secondary_dns)

+        for srv in self.services.keys():
+            # convert True/False to "1"/"0"
+            xs.write('', "{0}/qubes-service/{1}".format(domain_path, srv),
+                    str(int(self.services[srv])))
+
        xs.write('',
                "{0}/qubes-block-devices".format(domain_path),
                '')
@ -1119,6 +1129,7 @@ class QubesVm(object):
        attrs["kernel"] = str(self.kernel)
        attrs["uses_default_kernelopts"] = str(self.uses_default_kernelopts)
        attrs["kernelopts"] = str(self.kernelopts)
+        attrs["services"] = str(self.services)
        return attrs

    def create_xml_element(self):
@ -2114,7 +2125,8 @@ class QubesVmCollection(dict):
                "private_img", "root_img", "template_qid",
                "installed_by_rpm", "updateable", "internal",
                "uses_default_netvm", "label", "memory", "vcpus", "pcidevs",
-                "maxmem", "kernel", "uses_default_kernel", "kernelopts", "uses_default_kernelopts" )
+                "maxmem", "kernel", "uses_default_kernel", "kernelopts", "uses_default_kernelopts",
+                "services" )

        for attribute in common_attr_list:
            kwargs[attribute] = element.get(attribute)
--- a/proxyvm/init.d/qubes_firewall
+++ b/proxyvm/init.d/qubes_firewall
@ -11,7 +11,8 @@ PIDFILE=/var/run/qubes/qubes_firewall.pid
 start()
 {
    type=$(/usr/bin/xenstore-read qubes_vm_type)
-    if [ "$type" == "ProxyVM" ]; then
+    start_firewall=$(/usr/bin/xenstore-read qubes-service/qubes-firewall)
+    if [ -z "$start_firewall" ] && [ "$type" == "ProxyVM" ] || [ "$start_firewall" == "1" ]; then
        echo -n $"Starting Qubes Firewall monitor:"
        /sbin/ethtool -K eth0 sg off
        /usr/sbin/qubes_firewall &
@ -23,8 +24,7 @@ start()

 stop()
 {
-    type=$(/usr/bin/xenstore-read qubes_vm_type)
-    if [ "$type" == "ProxyVM" ]; then
+    if [ -r $PIDFILE ]; then
        echo -n "Stopping Qubes Firewall monitor:"
        kill -9 $(cat $PIDFILE) 2>/dev/null  && success || failure
        echo ""
--- a/proxyvm/init.d/qubes_netwatcher
+++ b/proxyvm/init.d/qubes_netwatcher
@ -11,7 +11,8 @@ PIDFILE=/var/run/qubes/qubes_netwatcher.pid
 start()
 {
    type=$(/usr/bin/xenstore-read qubes_vm_type)
-    if [ "$type" == "ProxyVM" ]; then
+    start_netwatcher=$(/usr/bin/xenstore-read qubes-service/qubes-netwatcher)
+    if [ -z "$start_netwatcher" ] && [ "$type" == "ProxyVM" ] || [ "$start_netwatcher" == "1" ]; then
        echo -n $"Starting Qubes Network monitor:"
        /sbin/ethtool -K eth0 sg off
        /usr/sbin/qubes_netwatcher &
@ -23,8 +24,7 @@ start()

 stop()
 {
-    type=$(/usr/bin/xenstore-read qubes_vm_type)
-    if [ "$type" == "ProxyVM" ]; then
+    if [ -r "$PIDFILE" ]; then
        echo -n "Stopping Qubes Network monitor:"
        kill -9 $(cat $PIDFILE) 2>/dev/null  && success || failure
        echo ""