From 52334bc4148d5fd4572aca39b973c6fcb675c896 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Thu, 15 Jan 2015 03:27:21 +0100
Subject: [PATCH] core: fix firewall update code

Do not load qubes.xml again, it can cause race conditions between two
instances of the same VM objects.
Especially when VM is starting ProxyVM to which it is connected,
firewall rules could not be loaded.
---
 core-modules/000QubesVm.py | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/core-modules/000QubesVm.py b/core-modules/000QubesVm.py
index c4da10b3..23ed8765 100644
--- a/core-modules/000QubesVm.py
+++ b/core-modules/000QubesVm.py
@@ -1638,16 +1638,13 @@ class QubesVm(object):
             print >> sys.stderr, "--> Setting Qubes DB info for the VM..."
         self.create_xenstore_entries(xid)
 
-        qvm_collection = QubesVmCollection()
-        qvm_collection.lock_db_for_reading()
-        qvm_collection.load()
-        qvm_collection.unlock_db()
-
         if verbose:
             print >> sys.stderr, "--> Updating firewall rules..."
-        for vm in qvm_collection.values():
-            if vm.is_proxyvm() and vm.is_running():
-                vm.write_iptables_xenstore_entry()
+        netvm = self.netvm
+        while netvm is not None:
+            if netvm.is_proxyvm() and netvm.is_running():
+                netvm.write_iptables_xenstore_entry()
+            netvm = netvm.netvm
 
         # fire hooks
         for hook in self.hooks_start: