dom0+vm: introduce 'qubes-service' xenstore dir - enable/disable VM services from dom0

This allows control which services are started in VM by dom0. For some
situation vm_type was used, but it isn't enough - i.e. ntpd should be started
in one, selected NetVM.

appvm/qubes_core_appvm

@@ -30,9 +30,17 @@ start()
 		# This script runs only on AppVMs
 		return 0
 	fi
-    
+
 	# Start AppVM specific services
-	/sbin/service cups start
+	start_cups=$(/usr/bin/xenstore-read qubes-service/cups 2> /dev/null)
+	if [ "$start_cups" != "0" ]; then
+		/sbin/service cups start
+		# Allow also notification icon
+		sed -i -e '/^NotShowIn=.*QUBES/s/;QUBES//' /etc/xdg/autostart/print-applet.desktop
+	else
+		# Disable notification icon
+		sed -i -e '/QUBES/!s/^NotShowIn=.*/\1QUBES;/' /etc/xdg/autostart/print-applet.desktop
+	fi
 
 	echo -n $"Executing Qubes Core scripts for AppVM:"
 
@@ -52,9 +60,12 @@ start()
 		echo Back to life.
 	fi
 
-	MEM_CHANGE_THRESHOLD_KB=30000
+	start_meminfo_writer=$(/usr/bin/xenstore-read qubes-service/meminfo-writer)
-	MEMINFO_DELAY_USEC=100000
+	if [ "$start_meminfo_writer" != "0" ]; then
-	/usr/lib/qubes/meminfo-writer $MEM_CHANGE_THRESHOLD_KB $MEMINFO_DELAY_USEC &
+		MEM_CHANGE_THRESHOLD_KB=30000
+		MEMINFO_DELAY_USEC=100000
+		/usr/lib/qubes/meminfo-writer $MEM_CHANGE_THRESHOLD_KB $MEMINFO_DELAY_USEC &
+	fi
 
 	success
 	echo ""

common/qubes_core

@@ -77,8 +77,8 @@ start()
 	success
 	echo ""
 
-	type=$(/usr/bin/xenstore-read qubes_vm_type)
+	start_ntpd=$(/usr/bin/xenstore-read qubes-service/ntpd 2> /dev/null)
-	if [ "$type" == "ProxyVM" ]; then
+	if [ "$start_ntpd" == "1" ]; then
 		/sbin/service ntpd start
 	fi
 	return 0

dom0/qvm-core/qubes.py

@@ -204,7 +204,8 @@ class QubesVm(object):
                  kernel = None,
                  uses_default_kernel = True,
                  kernelopts = "",
-                 uses_default_kernelopts = True):
+                 uses_default_kernelopts = True,
+                 services = None):
 
 
         assert qid < qubes_max_qid, "VM id out of bounds!"
@@ -325,6 +326,10 @@ class QubesVm(object):
         else:
             self.kernelopts = kernelopts
 
+        self.services = {}
+        if services is not None:
+            self.services = eval(str(services))
+
         # Internal VM (not shown in qubes-manager, doesn't create appmenus entries
         self.internal = internal
 
@@ -658,6 +663,11 @@ class QubesVm(object):
                     "{0}/qubes_secondary_dns".format(domain_path),
                     self.netvm_vm.secondary_dns)
 
+        for srv in self.services.keys():
+            # convert True/False to "1"/"0"
+            xs.write('', "{0}/qubes-service/{1}".format(domain_path, srv),
+                    str(int(self.services[srv])))
+
         xs.write('',
                 "{0}/qubes-block-devices".format(domain_path),
                 '')
@@ -1119,6 +1129,7 @@ class QubesVm(object):
         attrs["kernel"] = str(self.kernel)
         attrs["uses_default_kernelopts"] = str(self.uses_default_kernelopts)
         attrs["kernelopts"] = str(self.kernelopts)
+        attrs["services"] = str(self.services)
         return attrs
 
     def create_xml_element(self):
@@ -2114,7 +2125,8 @@ class QubesVmCollection(dict):
                 "private_img", "root_img", "template_qid",
                 "installed_by_rpm", "updateable", "internal",
                 "uses_default_netvm", "label", "memory", "vcpus", "pcidevs",
-                "maxmem", "kernel", "uses_default_kernel", "kernelopts", "uses_default_kernelopts" )
+                "maxmem", "kernel", "uses_default_kernel", "kernelopts", "uses_default_kernelopts",
+                "services" )
 
         for attribute in common_attr_list:
             kwargs[attribute] = element.get(attribute)

proxyvm/init.d/qubes_firewall

@@ -11,7 +11,8 @@ PIDFILE=/var/run/qubes/qubes_firewall.pid
 start()
 {
     type=$(/usr/bin/xenstore-read qubes_vm_type)
-    if [ "$type" == "ProxyVM" ]; then
+    start_firewall=$(/usr/bin/xenstore-read qubes-service/qubes-firewall)
+    if [ -z "$start_firewall" ] && [ "$type" == "ProxyVM" ] || [ "$start_firewall" == "1" ]; then
         echo -n $"Starting Qubes Firewall monitor:"
         /sbin/ethtool -K eth0 sg off
         /usr/sbin/qubes_firewall &
@@ -23,8 +24,7 @@ start()
 
 stop()
 {
-    type=$(/usr/bin/xenstore-read qubes_vm_type)
+    if [ -r $PIDFILE ]; then
-    if [ "$type" == "ProxyVM" ]; then
         echo -n "Stopping Qubes Firewall monitor:"
         kill -9 $(cat $PIDFILE) 2>/dev/null  && success || failure
         echo ""

proxyvm/init.d/qubes_netwatcher

@@ -11,7 +11,8 @@ PIDFILE=/var/run/qubes/qubes_netwatcher.pid
 start()
 {
     type=$(/usr/bin/xenstore-read qubes_vm_type)
-    if [ "$type" == "ProxyVM" ]; then
+    start_netwatcher=$(/usr/bin/xenstore-read qubes-service/qubes-netwatcher)
+    if [ -z "$start_netwatcher" ] && [ "$type" == "ProxyVM" ] || [ "$start_netwatcher" == "1" ]; then
         echo -n $"Starting Qubes Network monitor:"
         /sbin/ethtool -K eth0 sg off
         /usr/sbin/qubes_netwatcher &
@@ -23,8 +24,7 @@ start()
 
 stop()
 {
-    type=$(/usr/bin/xenstore-read qubes_vm_type)
+    if [ -r "$PIDFILE" ]; then
-    if [ "$type" == "ProxyVM" ]; then
         echo -n "Stopping Qubes Network monitor:"
         kill -9 $(cat $PIDFILE) 2>/dev/null  && success || failure
         echo ""