From 287da572e9e93e6d1b1d652569af9052efa85803 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Sat, 1 Oct 2011 02:49:25 +0200 Subject: [PATCH] dom0+vm: introduce 'qubes-service' xenstore dir - enable/disable VM services from dom0 This allows control which services are started in VM by dom0. For some situation vm_type was used, but it isn't enough - i.e. ntpd should be started in one, selected NetVM. --- appvm/qubes_core_appvm | 21 ++++++++++++++++----- common/qubes_core | 4 ++-- dom0/qvm-core/qubes.py | 16 ++++++++++++++-- proxyvm/init.d/qubes_firewall | 6 +++--- proxyvm/init.d/qubes_netwatcher | 6 +++--- 5 files changed, 38 insertions(+), 15 deletions(-) diff --git a/appvm/qubes_core_appvm b/appvm/qubes_core_appvm index a4c24651..085b5447 100755 --- a/appvm/qubes_core_appvm +++ b/appvm/qubes_core_appvm @@ -30,9 +30,17 @@ start() # This script runs only on AppVMs return 0 fi - + # Start AppVM specific services - /sbin/service cups start + start_cups=$(/usr/bin/xenstore-read qubes-service/cups 2> /dev/null) + if [ "$start_cups" != "0" ]; then + /sbin/service cups start + # Allow also notification icon + sed -i -e '/^NotShowIn=.*QUBES/s/;QUBES//' /etc/xdg/autostart/print-applet.desktop + else + # Disable notification icon + sed -i -e '/QUBES/!s/^NotShowIn=.*/\1QUBES;/' /etc/xdg/autostart/print-applet.desktop + fi echo -n $"Executing Qubes Core scripts for AppVM:" @@ -52,9 +60,12 @@ start() echo Back to life. fi - MEM_CHANGE_THRESHOLD_KB=30000 - MEMINFO_DELAY_USEC=100000 - /usr/lib/qubes/meminfo-writer $MEM_CHANGE_THRESHOLD_KB $MEMINFO_DELAY_USEC & + start_meminfo_writer=$(/usr/bin/xenstore-read qubes-service/meminfo-writer) + if [ "$start_meminfo_writer" != "0" ]; then + MEM_CHANGE_THRESHOLD_KB=30000 + MEMINFO_DELAY_USEC=100000 + /usr/lib/qubes/meminfo-writer $MEM_CHANGE_THRESHOLD_KB $MEMINFO_DELAY_USEC & + fi success echo "" diff --git a/common/qubes_core b/common/qubes_core index 7b63241d..f04f5eb9 100755 --- a/common/qubes_core +++ b/common/qubes_core 
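Review bot: The `sed` expression in the new `else` branch of start() uses `\1` in the replacement, but the pattern `^NotShowIn=.*` has no capture group, so GNU sed rejects the command with an invalid-reference error and the print-applet icon is never hidden when cups is disabled. The whole-match reference does what the comment describes: `sed -i -e '/QUBES/!s/^NotShowIn=.*/&QUBES;/' /etc/xdg/autostart/print-applet.desktop`. Both `sed -i` calls also assume the desktop file exists, so a template without it would print an error on every start. start() begins and ends outside the hunk.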
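Review bot: The `xenstore-read qubes-service/meminfo-writer` call does not discard stderr, unlike the `cups` read earlier in this file and the `ntpd` read in common/qubes_core, which both append `2> /dev/null`. A missing key is the normal default-on case here, so the read's error message will presumably appear in the boot output of every VM that has no explicit setting. The same applies to the `qubes-service/qubes-firewall` and `qubes-service/qubes-netwatcher` reads in the proxyvm init scripts. Adding `2> /dev/null` to all three keeps the reads consistent.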
@@ -77,8 +77,8 @@ start() success echo "" - type=$(/usr/bin/xenstore-read qubes_vm_type) - if [ "$type" == "ProxyVM" ]; then + start_ntpd=$(/usr/bin/xenstore-read qubes-service/ntpd 2> /dev/null) + if [ "$start_ntpd" == "1" ]; then /sbin/service ntpd start fi return 0 diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py index 4a9bb2cd..d92d9b6d 100755 --- a/dom0/qvm-core/qubes.py +++ b/dom0/qvm-core/qubes.py @@ -204,7 +204,8 @@ class QubesVm(object): kernel = None, uses_default_kernel = True, kernelopts = "", - uses_default_kernelopts = True): + uses_default_kernelopts = True, + services = None): assert qid < qubes_max_qid, "VM id out of bounds!" @@ -325,6 +326,10 @@ class QubesVm(object): else: self.kernelopts = kernelopts + self.services = {} + if services is not None: + self.services = eval(str(services)) + # Internal VM (not shown in qubes-manager, doesn't create appmenus entries self.internal = internal @@ -658,6 +663,11 @@ class QubesVm(object): "{0}/qubes_secondary_dns".format(domain_path), self.netvm_vm.secondary_dns) + for srv in self.services.keys(): + # convert True/False to "1"/"0" + xs.write('', "{0}/qubes-service/{1}".format(domain_path, srv), + str(int(self.services[srv]))) + xs.write('', "{0}/qubes-block-devices".format(domain_path), '') @@ -1119,6 +1129,7 @@ class QubesVm(object): attrs["kernel"] = str(self.kernel) attrs["uses_default_kernelopts"] = str(self.uses_default_kernelopts) attrs["kernelopts"] = str(self.kernelopts) + attrs["services"] = str(self.services) return attrs def create_xml_element(self): 
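Review bot: With the `qubes_vm_type` test removed, ntpd starts only when dom0 has written `qubes-service/ntpd` as `1`, so a ProxyVM whose stored configuration has no services entry stops running ntpd after this change. The qubes_firewall and qubes_netwatcher hunks keep the ProxyVM fallback when their key is empty, and this one does not; nothing visible in the patch sets the key for any VM by default. If opt-in is intended, as the description suggests, a comment such as `# ntpd is opt-in: dom0 must set qubes-service/ntpd=1 for the VM that syncs time` would record it. start() continues outside the hunk.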
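Review bot: `eval(str(services))` in the constructor executes whatever Python expression is stored in the `services` attribute, and the `common_attr_list` hunk passes that attribute in directly from the XML element read when the VM collection is loaded. Anyone able to influence that file, for example through a restored or hand-edited copy, would get code execution in dom0 at load time. `ast.literal_eval` parses the `str(self.services)` form written by the `attrs["services"]` hunk without evaluating code; it needs `import ast` at the top of qubes.py, which is outside this hunk. The constructor starts and ends outside the hunk.

```python
        # … unchanged: kernelopts assignment …
        self.services = {}
        if services is not None:
            # literal_eval accepts only Python literals, so the stored
            # attribute value is parsed as data and never executed
            parsed = ast.literal_eval(str(services))
            if not isinstance(parsed, dict):
                raise ValueError("services attribute must be a dict literal")
            self.services = parsed
        # … unchanged: self.internal assignment …
```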
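Review bot: The loop interpolates each service name into the xenstore path and passes each value through `int()` without checking either. A name containing `/` would create nodes outside the intended `qubes-service/NAME` entry, and a value that is not a bool or a number makes `int()` raise partway through writing the VM's xenstore entries. Rejecting names that do not match a conservative pattern such as `^[A-Za-z0-9_-]+$` where `self.services` is populated, and writing `'1' if self.services[srv] else '0'`, would keep the tree well-formed. The enclosing method starts and ends outside the hunk.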
@@ -2114,7 +2125,8 @@ class QubesVmCollection(dict): "private_img", "root_img", "template_qid", "installed_by_rpm", "updateable", "internal", "uses_default_netvm", "label", "memory", "vcpus", "pcidevs", - "maxmem", "kernel", "uses_default_kernel", "kernelopts", "uses_default_kernelopts" ) + "maxmem", "kernel", "uses_default_kernel", "kernelopts", "uses_default_kernelopts", + "services" ) for attribute in common_attr_list: kwargs[attribute] = element.get(attribute) diff --git a/proxyvm/init.d/qubes_firewall b/proxyvm/init.d/qubes_firewall index 2d1218ec..459e0c49 100755 --- a/proxyvm/init.d/qubes_firewall +++ b/proxyvm/init.d/qubes_firewall @@ -11,7 +11,8 @@ PIDFILE=/var/run/qubes/qubes_firewall.pid start() { type=$(/usr/bin/xenstore-read qubes_vm_type) - if [ "$type" == "ProxyVM" ]; then + start_firewall=$(/usr/bin/xenstore-read qubes-service/qubes-firewall) + if [ -z "$start_firewall" ] && [ "$type" == "ProxyVM" ] || [ "$start_firewall" == "1" ]; then echo -n $"Starting Qubes Firewall monitor:" /sbin/ethtool -K eth0 sg off /usr/sbin/qubes_firewall & @@ -23,8 +24,7 @@ start() stop() { - type=$(/usr/bin/xenstore-read qubes_vm_type) - if [ "$type" == "ProxyVM" ]; then + if [ -r $PIDFILE ]; then echo -n "Stopping Qubes Firewall monitor:" kill -9 $(cat $PIDFILE) 2>/dev/null && success || failure echo "" diff --git a/proxyvm/init.d/qubes_netwatcher b/proxyvm/init.d/qubes_netwatcher index e8d9af46..b5cc1e30 100755 --- a/proxyvm/init.d/qubes_netwatcher +++ b/proxyvm/init.d/qubes_netwatcher @@ -11,7 +11,8 @@ PIDFILE=/var/run/qubes/qubes_netwatcher.pid start() { type=$(/usr/bin/xenstore-read qubes_vm_type) - if [ "$type" == "ProxyVM" ]; then + start_netwatcher=$(/usr/bin/xenstore-read qubes-service/qubes-netwatcher) + if [ -z "$start_netwatcher" ] && [ "$type" == "ProxyVM" ] || [ "$start_netwatcher" == "1" ]; then echo -n $"Starting Qubes Network monitor:" /sbin/ethtool -K eth0 sg off /usr/sbin/qubes_netwatcher & 
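Review bot: qubes_firewall's stop() now keys only on the PID file being readable before running `kill -9 $(cat $PIDFILE)`, so a stale file left by a crashed monitor would send SIGKILL to whatever process has since reused that PID. Checking that the PID still belongs to the monitor before killing, and removing the file afterwards, would avoid that; whether the file is removed later in stop() is not visible in the hunk. `$PIDFILE` is also unquoted in the test here, while the matching qubes_netwatcher hunk quotes it: `if [ -r "$PIDFILE" ]; then`. The stale-file point applies equally to qubes_netwatcher's stop().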
@@ -23,8 +24,7 @@ start() stop() { - type=$(/usr/bin/xenstore-read qubes_vm_type) - if [ "$type" == "ProxyVM" ]; then + if [ -r "$PIDFILE" ]; then echo -n "Stopping Qubes Network monitor:" kill -9 $(cat $PIDFILE) 2>/dev/null && success || failure echo ""