From 38fc504ca093ca2271d5b218797e84b6d56e00e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Tue, 1 Nov 2016 00:37:43 +0100 Subject: [PATCH] qubes/vm/net: set mapped IP info before attaching network Set parameters for possibly hiding domain's real IP before attaching network to it, otherwise we'll have race condition with vif-route-qubes script. QubesOS/qubes-issues#1143 --- qubes/vm/mix/net.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/qubes/vm/mix/net.py b/qubes/vm/mix/net.py index 770044aa..87473a1c 100644 --- a/qubes/vm/mix/net.py +++ b/qubes/vm/mix/net.py @@ -247,6 +247,7 @@ class NetVMMixin(qubes.events.Emitter): self.log.info('Starting NetVM ({0})'.format(self.netvm.name)) self.netvm.start() + self.netvm.set_mapped_ip_info_for_vm(self) self.libvirt_domain.attachDevice( self.app.env.get_template('libvirt/devices/net.xml').render( vm=self)) @@ -310,6 +311,12 @@ class NetVMMixin(qubes.events.Emitter): # signal its done self.qdb.write(base_dir[:-1], '') + def set_mapped_ip_info_for_vm(self, vm): + ''' + Set configuration to possibly hide real IP from the VM. + This needs to be done before executing 'script' + (`/etc/xen/scripts/vif-route-qubes`) in network providing VM + ''' # add info about remapped IPs (VM IP hidden from the VM itself) mapped_ip_base = '/mapped-ip/{}'.format(vm.ip) if vm.visible_ip: @@ -391,6 +398,7 @@ class NetVMMixin(qubes.events.Emitter): ''' Reloads the firewall if vm is running and has a NetVM assigned ''' # pylint: disable=unused-argument if self.is_running() and self.netvm: + self.netvm.set_mapped_ip_info_for_vm(self) self.netvm.reload_firewall_for_vm(self) # pylint: disable=no-member # CORE2: swallowed get_firewall_conf, write_firewall_conf,