dom0+vm: introduce 'qubes-service' xenstore dir - enable/disable VM services from dom0
This allows dom0 to control which services are started in a VM. In some situations vm_type was used for this, but it isn't enough - for example, ntpd should be started in only one, selected NetVM.
parent
d456ec4575
commit
287da572e9
@ -32,7 +32,15 @@ start()
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Start AppVM specific services
|
# Start AppVM specific services
|
||||||
/sbin/service cups start
|
start_cups=$(/usr/bin/xenstore-read qubes-service/cups 2> /dev/null)
|
||||||
|
if [ "$start_cups" != "0" ]; then
|
||||||
|
/sbin/service cups start
|
||||||
|
# Allow also notification icon
|
||||||
|
sed -i -e '/^NotShowIn=.*QUBES/s/;QUBES//' /etc/xdg/autostart/print-applet.desktop
|
||||||
|
else
|
||||||
|
# Disable notification icon
|
||||||
|
sed -i -e '/QUBES/!s/^NotShowIn=.*/\1QUBES;/' /etc/xdg/autostart/print-applet.desktop
|
||||||
|
fi
|
||||||
|
|
||||||
echo -n $"Executing Qubes Core scripts for AppVM:"
|
echo -n $"Executing Qubes Core scripts for AppVM:"
|
||||||
|
|
||||||
@ -52,9 +60,12 @@ start()
|
|||||||
echo Back to life.
|
echo Back to life.
|
||||||
fi
|
fi
|
||||||
|
|
||||||
MEM_CHANGE_THRESHOLD_KB=30000
|
start_meminfo_writer=$(/usr/bin/xenstore-read qubes-service/meminfo-writer)
|
||||||
MEMINFO_DELAY_USEC=100000
|
if [ "$start_meminfo_writer" != "0" ]; then
|
||||||
/usr/lib/qubes/meminfo-writer $MEM_CHANGE_THRESHOLD_KB $MEMINFO_DELAY_USEC &
|
MEM_CHANGE_THRESHOLD_KB=30000
|
||||||
|
MEMINFO_DELAY_USEC=100000
|
||||||
|
/usr/lib/qubes/meminfo-writer $MEM_CHANGE_THRESHOLD_KB $MEMINFO_DELAY_USEC &
|
||||||
|
fi
|
||||||
|
|
||||||
success
|
success
|
||||||
echo ""
|
echo ""
|
||||||
|
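Review bot: The `sed` in the new `else` branch of the cups block uses `\1` in the replacement, but the pattern `^NotShowIn=.*` has no capture group. GNU sed rejects that expression as an invalid reference, so print-applet.desktop is left unchanged when cups is disabled. The whole-match reference does what the comment says: `sed -i -e '/QUBES/!s/^NotShowIn=.*/&QUBES;/' /etc/xdg/autostart/print-applet.desktop`. This assumes the existing value already ends with `;`, which the hunk does not show. start() begins and ends outside the hunk.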
@ -77,8 +77,8 @@ start()
|
|||||||
success
|
success
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
type=$(/usr/bin/xenstore-read qubes_vm_type)
|
start_ntpd=$(/usr/bin/xenstore-read qubes-service/ntpd 2> /dev/null)
|
||||||
if [ "$type" == "ProxyVM" ]; then
|
if [ "$start_ntpd" == "1" ]; then
|
||||||
/sbin/service ntpd start
|
/sbin/service ntpd start
|
||||||
fi
|
fi
|
||||||
return 0
|
return 0
|
||||||
|
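Review bot: The default policy for ntpd is not documented next to the new `[ "$start_ntpd" == "1" ]` check, and it differs from the other services in this commit. ntpd is opt-in, cups and meminfo-writer use `!= "0"` (on unless disabled), and the firewall and netwatcher scripts fall back to qubes_vm_type when the key is empty. A comment above the read would make that explicit, e.g. `# ntpd is opt-in: started only when dom0 sets qubes-service/ntpd to 1`. ProxyVMs without the key stop running ntpd after this change, which appears to be intended from the commit description.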
@ -204,7 +204,8 @@ class QubesVm(object):
|
|||||||
kernel = None,
|
kernel = None,
|
||||||
uses_default_kernel = True,
|
uses_default_kernel = True,
|
||||||
kernelopts = "",
|
kernelopts = "",
|
||||||
uses_default_kernelopts = True):
|
uses_default_kernelopts = True,
|
||||||
|
services = None):
|
||||||
|
|
||||||
|
|
||||||
assert qid < qubes_max_qid, "VM id out of bounds!"
|
assert qid < qubes_max_qid, "VM id out of bounds!"
|
||||||
@ -325,6 +326,10 @@ class QubesVm(object):
|
|||||||
else:
|
else:
|
||||||
self.kernelopts = kernelopts
|
self.kernelopts = kernelopts
|
||||||
|
|
||||||
|
self.services = {}
|
||||||
|
if services is not None:
|
||||||
|
self.services = eval(str(services))
|
||||||
|
|
||||||
# Internal VM (not shown in qubes-manager, doesn't create appmenus entries
|
# Internal VM (not shown in qubes-manager, doesn't create appmenus entries
|
||||||
self.internal = internal
|
self.internal = internal
|
||||||
|
|
||||||
@ -658,6 +663,11 @@ class QubesVm(object):
|
|||||||
"{0}/qubes_secondary_dns".format(domain_path),
|
"{0}/qubes_secondary_dns".format(domain_path),
|
||||||
self.netvm_vm.secondary_dns)
|
self.netvm_vm.secondary_dns)
|
||||||
|
|
||||||
|
for srv in self.services.keys():
|
||||||
|
# convert True/False to "1"/"0"
|
||||||
|
xs.write('', "{0}/qubes-service/{1}".format(domain_path, srv),
|
||||||
|
str(int(self.services[srv])))
|
||||||
|
|
||||||
xs.write('',
|
xs.write('',
|
||||||
"{0}/qubes-block-devices".format(domain_path),
|
"{0}/qubes-block-devices".format(domain_path),
|
||||||
'')
|
'')
|
||||||
@ -1119,6 +1129,7 @@ class QubesVm(object):
|
|||||||
attrs["kernel"] = str(self.kernel)
|
attrs["kernel"] = str(self.kernel)
|
||||||
attrs["uses_default_kernelopts"] = str(self.uses_default_kernelopts)
|
attrs["uses_default_kernelopts"] = str(self.uses_default_kernelopts)
|
||||||
attrs["kernelopts"] = str(self.kernelopts)
|
attrs["kernelopts"] = str(self.kernelopts)
|
||||||
|
attrs["services"] = str(self.services)
|
||||||
return attrs
|
return attrs
|
||||||
|
|
||||||
def create_xml_element(self):
|
def create_xml_element(self):
|
||||||
@ -2114,7 +2125,8 @@ class QubesVmCollection(dict):
|
|||||||
"private_img", "root_img", "template_qid",
|
"private_img", "root_img", "template_qid",
|
||||||
"installed_by_rpm", "updateable", "internal",
|
"installed_by_rpm", "updateable", "internal",
|
||||||
"uses_default_netvm", "label", "memory", "vcpus", "pcidevs",
|
"uses_default_netvm", "label", "memory", "vcpus", "pcidevs",
|
||||||
"maxmem", "kernel", "uses_default_kernel", "kernelopts", "uses_default_kernelopts" )
|
"maxmem", "kernel", "uses_default_kernel", "kernelopts", "uses_default_kernelopts",
|
||||||
|
"services" )
|
||||||
|
|
||||||
for attribute in common_attr_list:
|
for attribute in common_attr_list:
|
||||||
kwargs[attribute] = element.get(attribute)
|
kwargs[attribute] = element.get(attribute)
|
||||||
|
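Review bot: `self.services = eval(str(services))` evaluates the `services` attribute as a Python expression. The last hunk shows that value coming from `element.get(attribute)`, i.e. from the stored XML, so whoever can alter that file controls code run by the process that loads it. `ast.literal_eval` parses the dict that `attrs["services"] = str(self.services)` writes without executing anything: `self.services = ast.literal_eval(str(services))` (this needs `import ast`; the import block is outside the hunks). It is also worth checking that the result is a dict with plain service names and boolean values, because the keys go unvalidated into the xenstore path `{0}/qubes-service/{1}` and the values through `int(...)`.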
@ -11,7 +11,8 @@ PIDFILE=/var/run/qubes/qubes_firewall.pid
|
|||||||
start()
|
start()
|
||||||
{
|
{
|
||||||
type=$(/usr/bin/xenstore-read qubes_vm_type)
|
type=$(/usr/bin/xenstore-read qubes_vm_type)
|
||||||
if [ "$type" == "ProxyVM" ]; then
|
start_firewall=$(/usr/bin/xenstore-read qubes-service/qubes-firewall)
|
||||||
|
if [ -z "$start_firewall" ] && [ "$type" == "ProxyVM" ] || [ "$start_firewall" == "1" ]; then
|
||||||
echo -n $"Starting Qubes Firewall monitor:"
|
echo -n $"Starting Qubes Firewall monitor:"
|
||||||
/sbin/ethtool -K eth0 sg off
|
/sbin/ethtool -K eth0 sg off
|
||||||
/usr/sbin/qubes_firewall &
|
/usr/sbin/qubes_firewall &
|
||||||
@ -23,8 +24,7 @@ start()
|
|||||||
|
|
||||||
stop()
|
stop()
|
||||||
{
|
{
|
||||||
type=$(/usr/bin/xenstore-read qubes_vm_type)
|
if [ -r $PIDFILE ]; then
|
||||||
if [ "$type" == "ProxyVM" ]; then
|
|
||||||
echo -n "Stopping Qubes Firewall monitor:"
|
echo -n "Stopping Qubes Firewall monitor:"
|
||||||
kill -9 $(cat $PIDFILE) 2>/dev/null && success || failure
|
kill -9 $(cat $PIDFILE) 2>/dev/null && success || failure
|
||||||
echo ""
|
echo ""
|
||||||
|
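Review bot: The `xenstore-read qubes-service/qubes-firewall` call in start() does not redirect stderr, so on a VM where dom0 has not set the key (the case the `-z` fallback is written for) the read is expected to print an error during boot. The cups and ntpd reads in this commit use `2> /dev/null`; the qubes-netwatcher and meminfo-writer reads have the same omission. Suggested: `start_firewall=$(/usr/bin/xenstore-read qubes-service/qubes-firewall 2> /dev/null)`. In stop(), `[ -r $PIDFILE ]` is unquoted here while the netwatcher script quotes it. Both functions continue outside the hunks.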
@ -11,7 +11,8 @@ PIDFILE=/var/run/qubes/qubes_netwatcher.pid
|
|||||||
start()
|
start()
|
||||||
{
|
{
|
||||||
type=$(/usr/bin/xenstore-read qubes_vm_type)
|
type=$(/usr/bin/xenstore-read qubes_vm_type)
|
||||||
if [ "$type" == "ProxyVM" ]; then
|
start_netwatcher=$(/usr/bin/xenstore-read qubes-service/qubes-netwatcher)
|
||||||
|
if [ -z "$start_netwatcher" ] && [ "$type" == "ProxyVM" ] || [ "$start_netwatcher" == "1" ]; then
|
||||||
echo -n $"Starting Qubes Network monitor:"
|
echo -n $"Starting Qubes Network monitor:"
|
||||||
/sbin/ethtool -K eth0 sg off
|
/sbin/ethtool -K eth0 sg off
|
||||||
/usr/sbin/qubes_netwatcher &
|
/usr/sbin/qubes_netwatcher &
|
||||||
@ -23,8 +24,7 @@ start()
|
|||||||
|
|
||||||
stop()
|
stop()
|
||||||
{
|
{
|
||||||
type=$(/usr/bin/xenstore-read qubes_vm_type)
|
if [ -r "$PIDFILE" ]; then
|
||||||
if [ "$type" == "ProxyVM" ]; then
|
|
||||||
echo -n "Stopping Qubes Network monitor:"
|
echo -n "Stopping Qubes Network monitor:"
|
||||||
kill -9 $(cat $PIDFILE) 2>/dev/null && success || failure
|
kill -9 $(cat $PIDFILE) 2>/dev/null && success || failure
|
||||||
echo ""
|
echo ""
|
||||||
|