Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

qrexec: adjust DispVM code to the new qrexec API

Browse Source 
Note, we have qvm-open-in-vm totally for free.
This commit is contained in:
Rafal Wojtczuk 2011-07-06 12:32:20 +02:00
parent b7e8c2708c
commit 2fdf9761c7
11 changed files with 60 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
appvm/Makefile
View File

@ -1,9 +1,9 @@
CC=gcc CC=gcc
CFLAGS=-g -Wall -I../common -fPIC -pie CFLAGS=-g -Wall -I../common -fPIC -pie
all: dvm_file_editor qfile-agent-dvm qfile-agent qfile-unpacker all: vm-file-editor qopen-in-vm qfile-agent qfile-unpacker
dvm_file_editor: dvm_file_editor.o ../common/ioall.o vm-file-editor: vm-file-editor.o ../common/ioall.o
$(CC) -pie -g -o $@ $^ $(CC) -pie -g -o $@ $^
qfile-agent-dvm: qfile-agent-dvm.o ../common/ioall.o ../common/gui-fatal.o qopen-in-vm: qopen-in-vm.o ../common/ioall.o ../common/gui-fatal.o
$(CC) -pie -g -o $@ $^ $(CC) -pie -g -o $@ $^
qfile-agent: qfile-agent.o ../common/ioall.o ../common/gui-fatal.o ../common/copy_file.o ../common/crc32.o qfile-agent: qfile-agent.o ../common/ioall.o ../common/gui-fatal.o ../common/copy_file.o ../common/crc32.o
$(CC) -pie -g -o $@ $^ $(CC) -pie -g -o $@ $^
@ -11,4 +11,4 @@ qfile-unpacker: qfile-unpacker.o ../common/ioall.o ../common/gui-fatal.o ../comm
$(CC) -pie -g -o $@ $^ $(CC) -pie -g -o $@ $^
clean: clean:
rm -f qfile-agent-dvm qfile-agent qfile-unpacker dvm_file_editor *.o *~ rm -f qopen-in-vm qfile-agent qfile-unpacker vm-file-editor *.o *~

46
appvm/qfile-agent-dvm.c → appvm/qopen-in-vm.c
View File

@ -93,47 +93,11 @@ void talk_to_daemon(char *fname)
recv_file(fname); recv_file(fname);
} }
void process_spoolentry(char *entry_name) int main(int argc, char ** argv)
{
char *abs_spool_entry_name;
int entry_fd;
struct stat st;
char *filename;
int entry_size;
asprintf(&abs_spool_entry_name, "%s/%s", DVM_SPOOL, entry_name);
entry_fd = open(abs_spool_entry_name, O_RDONLY);
unlink(abs_spool_entry_name);
if (entry_fd < 0 || fstat(entry_fd, &st))
gui_fatal("bad dvm_entry");
entry_size = st.st_size;
filename = calloc(1, entry_size + DVM_FILENAME_SIZE);
if (!filename)
gui_fatal("malloc");
if (!read_all(entry_fd, filename, entry_size))
gui_fatal("read dvm entry %s", abs_spool_entry_name);
close(entry_fd);
talk_to_daemon(filename);
}
void scan_spool(char *name)
{
struct dirent *ent;
DIR *dir = opendir(name);
if (!dir)
gui_fatal("opendir %s", name);
while ((ent = readdir(dir))) {
char *fname = ent->d_name;
if (!strcmp(fname, ".") || !strcmp(fname, ".."))
continue;
process_spoolentry(fname);
break;
}
closedir(dir);
}
int main()
{ {
signal(SIGPIPE, SIG_IGN); signal(SIGPIPE, SIG_IGN);
scan_spool(DVM_SPOOL); if (argc!=2)
gui_fatal("OpenInVM - no file given?");
talk_to_daemon(argv[1]);
return 0; return 0;
} }

1
appvm/qubes.OpenInVM Normal file
View File

@ -0,0 +1 @@
/usr/lib/qubes/vm-file-editor

2
appvm/qubes.OpenInVM.policy Normal file
View File

@ -0,0 +1,2 @@
anyvm dispvm allow
anyvm anyvm ask

14
appvm/qvm-open-in-dvm2
View File

@ -25,16 +25,4 @@ if ! [ $# = 1 ] ; then
exit 1 exit 1
fi fi
FILE="$1" exec /usr/lib/qubes/qrexec_client_vm "/usr/lib/qubes/qopen-in-vm" dispvm qubes.OpenInVM "$1"
if ! [ "X""${FILE:0:1}" = X/ ] ; then
FILE="$PWD"/"$1"
fi
DVMSPOOL=/home/user/.dvmspool
if ! [ -e $DVMSPOOL ] ; then
mkdir $DVMSPOOL || exit 1
fi
echo -n "$FILE" > $DVMSPOOL/req.$$
echo -n DVMR > /var/run/qubes/qrexec_agent

28
appvm/qvm-open-in-vm Executable file
View File

@ -0,0 +1,28 @@
#!/bin/bash
#
# The Qubes OS Project, http://www.qubes-os.org
#
# Copyright (C) 2010 Rafal Wojtczuk <rafal@invisiblethingslab.com>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
#
if ! [ $# = 2 ] ; then
echo "Usage: $0 vmname filename"
exit 1
fi
exec /usr/lib/qubes/qrexec_client_vm "/usr/lib/qubes/qopen-in-vm" "$1" qubes.OpenInVM "$2"

0
appvm/dvm_file_editor.c → appvm/vm-file-editor.c
View File

7
dom0/restore/qfile-daemon-dvm
View File

@ -124,15 +124,18 @@ class QfileDaemonDvm:
def main(): def main():
global notify_object global notify_object
exec_index = sys.argv[1]
src_vmname = sys.argv[2]
notify_object = dbus.SessionBus().get_object("org.freedesktop.Notifications", "/org/freedesktop/Notifications") notify_object = dbus.SessionBus().get_object("org.freedesktop.Notifications", "/org/freedesktop/Notifications")
qfile = QfileDaemonDvm(os.getenv("QREXEC_REMOTE_DOMAIN")) qfile = QfileDaemonDvm(src_vmname)
lockf = open("/var/run/qubes/qfile-daemon-dvm.lock", 'a') lockf = open("/var/run/qubes/qfile-daemon-dvm.lock", 'a')
fcntl.fcntl(lockf, fcntl.F_SETFD, fcntl.FD_CLOEXEC) fcntl.fcntl(lockf, fcntl.F_SETFD, fcntl.FD_CLOEXEC)
fcntl.flock(lockf, fcntl.LOCK_EX) fcntl.flock(lockf, fcntl.LOCK_EX)
dispname = qfile.get_dvm() dispname = qfile.get_dvm()
lockf.close() lockf.close()
if dispname is not None: if dispname is not None:
subprocess.call(['/usr/lib/qubes/qrexec_client', '-d', dispname, 'directly:user:/usr/lib/qubes/dvm_file_editor']) subprocess.call(['/usr/lib/qubes/qrexec_client', '-d', dispname,
'user:exec /usr/lib/qubes/qubes_rpc_multiplexer ' + exec_index + " " + src_vmname])
subprocess.call(['/usr/sbin/xl', 'destroy', dispname]) subprocess.call(['/usr/sbin/xl', 'destroy', dispname])
qfile.remove_disposable_from_qdb(dispname) qfile.remove_disposable_from_qdb(dispname)

7
qrexec/qrexec_policy
View File

@ -33,8 +33,11 @@ def apply_policy(policy, domain, target):
return (None, None) return (None, None)
def do_execute(domain, target, exec_index, process_ident): def do_execute(domain, target, exec_index, process_ident):
cmd= "qvm-run -uroot -q -a --pass_io "+target if target == "dispvm":
cmd+=" '/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain + "'" cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain
else:
cmd= "qvm-run -uroot -q -a --pass_io "+target
cmd+=" '/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain + "'"
os.execl(QREXEC_CLIENT, "qrexec_client", "-d", domain, "-l", cmd, "-c", process_ident) os.execl(QREXEC_CLIENT, "qrexec_client", "-d", domain, "-l", cmd, "-c", process_ident)
def confirm_execution(domain, target, exec_index): def confirm_execution(domain, target, exec_index):

11
rpm_spec/core-appvm.spec
View File

@ -75,6 +75,7 @@ cp qubes_core_appvm $RPM_BUILD_ROOT/etc/init.d/
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
mkdir -p $RPM_BUILD_ROOT/usr/bin mkdir -p $RPM_BUILD_ROOT/usr/bin
cp qubes_timestamp qvm-open-in-dvm2 $RPM_BUILD_ROOT/usr/bin cp qubes_timestamp qvm-open-in-dvm2 $RPM_BUILD_ROOT/usr/bin
cp qvm-open-in-vm $RPM_BUILD_ROOT/usr/bin
cp qvm-copy-to-vm $RPM_BUILD_ROOT/usr/bin cp qvm-copy-to-vm $RPM_BUILD_ROOT/usr/bin
mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
cp qvm-copy-to-vm2.kde $RPM_BUILD_ROOT/usr/lib/qubes cp qvm-copy-to-vm2.kde $RPM_BUILD_ROOT/usr/lib/qubes
@ -82,14 +83,14 @@ cp qvm-copy-to-vm2.gnome $RPM_BUILD_ROOT/usr/lib/qubes
cp ../qrexec/qrexec_agent $RPM_BUILD_ROOT/usr/lib/qubes cp ../qrexec/qrexec_agent $RPM_BUILD_ROOT/usr/lib/qubes
cp ../qrexec/qrexec_client_vm $RPM_BUILD_ROOT/usr/lib/qubes cp ../qrexec/qrexec_client_vm $RPM_BUILD_ROOT/usr/lib/qubes
cp ../qrexec/qubes_rpc_multiplexer $RPM_BUILD_ROOT/usr/lib/qubes cp ../qrexec/qubes_rpc_multiplexer $RPM_BUILD_ROOT/usr/lib/qubes
cp dvm_file_editor qfile-agent qfile-agent-dvm qfile-unpacker $RPM_BUILD_ROOT/usr/lib/qubes cp vm-file-editor qfile-agent qopen-in-vm qfile-unpacker $RPM_BUILD_ROOT/usr/lib/qubes
cp ../common/meminfo-writer $RPM_BUILD_ROOT/usr/lib/qubes cp ../common/meminfo-writer $RPM_BUILD_ROOT/usr/lib/qubes
mkdir -p $RPM_BUILD_ROOT/%{kde_service_dir} mkdir -p $RPM_BUILD_ROOT/%{kde_service_dir}
cp qvm-copy.desktop qvm-dvm.desktop $RPM_BUILD_ROOT/%{kde_service_dir} cp qvm-copy.desktop qvm-dvm.desktop $RPM_BUILD_ROOT/%{kde_service_dir}
mkdir -p $RPM_BUILD_ROOT/mnt/removable mkdir -p $RPM_BUILD_ROOT/mnt/removable
mkdir -p $RPM_BUILD_ROOT/etc/qubes_rpc mkdir -p $RPM_BUILD_ROOT/etc/qubes_rpc
cp qubes.Filecopy $RPM_BUILD_ROOT/etc/qubes_rpc cp qubes.Filecopy $RPM_BUILD_ROOT/etc/qubes_rpc
cp qubes.OpenInVM $RPM_BUILD_ROOT/etc/qubes_rpc
mkdir -p $RPM_BUILD_ROOT/etc/X11 mkdir -p $RPM_BUILD_ROOT/etc/X11
cp xorg-preload-apps.conf $RPM_BUILD_ROOT/etc/X11 cp xorg-preload-apps.conf $RPM_BUILD_ROOT/etc/X11
@ -140,19 +141,21 @@ rm -rf $RPM_BUILD_ROOT
/usr/lib/qubes/qvm-copy-to-vm2.kde /usr/lib/qubes/qvm-copy-to-vm2.kde
/usr/lib/qubes/qvm-copy-to-vm2.gnome /usr/lib/qubes/qvm-copy-to-vm2.gnome
/usr/bin/qvm-open-in-dvm2 /usr/bin/qvm-open-in-dvm2
/usr/bin/qvm-open-in-vm
/usr/lib/qubes/meminfo-writer /usr/lib/qubes/meminfo-writer
/usr/lib/qubes/dvm_file_editor /usr/lib/qubes/vm-file-editor
%{kde_service_dir}/qvm-copy.desktop %{kde_service_dir}/qvm-copy.desktop
%{kde_service_dir}/qvm-dvm.desktop %{kde_service_dir}/qvm-dvm.desktop
/usr/lib/qubes/qrexec_agent /usr/lib/qubes/qrexec_agent
/usr/lib/qubes/qrexec_client_vm /usr/lib/qubes/qrexec_client_vm
/usr/lib/qubes/qubes_rpc_multiplexer /usr/lib/qubes/qubes_rpc_multiplexer
/usr/lib/qubes/qfile-agent /usr/lib/qubes/qfile-agent
/usr/lib/qubes/qfile-agent-dvm /usr/lib/qubes/qopen-in-vm
/usr/lib/qubes/qfile-unpacker /usr/lib/qubes/qfile-unpacker
%dir /mnt/removable %dir /mnt/removable
%dir /etc/qubes_rpc %dir /etc/qubes_rpc
/etc/qubes_rpc/qubes.Filecopy /etc/qubes_rpc/qubes.Filecopy
/etc/qubes_rpc/qubes.OpenInVM
/usr/bin/qubes_timestamp /usr/bin/qubes_timestamp
%dir /home_volatile %dir /home_volatile
%attr(700,user,user) /home_volatile/user %attr(700,user,user) /home_volatile/user

2
rpm_spec/core-dom0.spec
View File

@ -101,6 +101,7 @@ cp aux-tools/qfile-dom0-unpacker $RPM_BUILD_ROOT/usr/lib/qubes/
mkdir -p $RPM_BUILD_ROOT/etc/qubes_rpc/policy mkdir -p $RPM_BUILD_ROOT/etc/qubes_rpc/policy
cp ../appvm/qubes.Filecopy.policy $RPM_BUILD_ROOT/etc/qubes_rpc/policy/qubes.Filecopy cp ../appvm/qubes.Filecopy.policy $RPM_BUILD_ROOT/etc/qubes_rpc/policy/qubes.Filecopy
cp ../appvm/qubes.OpenInVM.policy $RPM_BUILD_ROOT/etc/qubes_rpc/policy/qubes.OpenInVM
cp restore/qvm-create-default-dvm $RPM_BUILD_ROOT/usr/bin cp restore/qvm-create-default-dvm $RPM_BUILD_ROOT/usr/bin
cp restore/xenstore-watch $RPM_BUILD_ROOT/usr/bin/xenstore-watch-qubes cp restore/xenstore-watch $RPM_BUILD_ROOT/usr/bin/xenstore-watch-qubes
@ -326,6 +327,7 @@ fi
/usr/lib/qubes/qrexec_policy /usr/lib/qubes/qrexec_policy
%dir /etc/qubes_rpc/policy %dir /etc/qubes_rpc/policy
/etc/qubes_rpc/policy/qubes.Filecopy /etc/qubes_rpc/policy/qubes.Filecopy
/etc/qubes_rpc/policy/qubes.OpenInVM
%attr(4750,root,qubes) /usr/lib/qubes/qrexec_daemon %attr(4750,root,qubes) /usr/lib/qubes/qrexec_daemon
%attr(4750,root,qubes) /usr/lib/qubes/xenfreepages %attr(4750,root,qubes) /usr/lib/qubes/xenfreepages
%attr(2770,root,qubes) %dir /var/log/qubes %attr(2770,root,qubes) %dir /var/log/qubes