qubes/vm/net: set mapped IP info before attaching network

Set parameters for possibly hiding domain's real IP before attaching network to it, otherwise we'll have race condition with vif-route-qubes script. QubesOS/qubes-issues#1143
2016-11-01 00:37:43 +01:00 · 2016-11-01 00:37:43 +01:00 · 38fc504ca0
commit 38fc504ca0
parent b4fa8cdce3
1 changed files with 8 additions and 0 deletions
--- a/qubes/vm/mix/net.py
+++ b/qubes/vm/mix/net.py
@ -247,6 +247,7 @@ class NetVMMixin(qubes.events.Emitter):
            self.log.info('Starting NetVM ({0})'.format(self.netvm.name))
            self.netvm.start()

+        self.netvm.set_mapped_ip_info_for_vm(self)
        self.libvirt_domain.attachDevice(
            self.app.env.get_template('libvirt/devices/net.xml').render(
                vm=self))
@ -310,6 +311,12 @@ class NetVMMixin(qubes.events.Emitter):
        # signal its done
        self.qdb.write(base_dir[:-1], '')

+    def set_mapped_ip_info_for_vm(self, vm):
+        '''
+        Set configuration to possibly hide real IP from the VM.
+        This needs to be done before executing 'script'
+        (`/etc/xen/scripts/vif-route-qubes`) in network providing VM
+        '''
        # add info about remapped IPs (VM IP hidden from the VM itself)
        mapped_ip_base = '/mapped-ip/{}'.format(vm.ip)
        if vm.visible_ip:
@ -391,6 +398,7 @@ class NetVMMixin(qubes.events.Emitter):
        ''' Reloads the firewall if vm is running and has a NetVM assigned '''
        # pylint: disable=unused-argument
        if self.is_running() and self.netvm:
+            self.netvm.set_mapped_ip_info_for_vm(self)
            self.netvm.reload_firewall_for_vm(self)  # pylint: disable=no-member

    # CORE2: swallowed get_firewall_conf, write_firewall_conf,