Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Implemented qubes_netvm_external_ip feature.

Browse Source
This commit is contained in:
Tomasz Sterna 2011-03-09 19:47:12 +01:00
parent 87ff30fe26
commit 58a4b4c82b
1 changed files with 46 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
dom0/qvm-core/qubes.py
View File

@ -883,6 +883,8 @@ class QubesNetVm(QubesServiceVm):
self.__gateway = self.netprefix + "0.1" self.__gateway = self.netprefix + "0.1"
self.__secondary_dns = self.netprefix + "255.254" self.__secondary_dns = self.netprefix + "255.254"
self.__external_ip_allowed_xids = set()
if "label" not in kwargs or kwargs["label"] is None: if "label" not in kwargs or kwargs["label"] is None:
kwargs["label"] = default_servicevm_label kwargs["label"] = default_servicevm_label
super(QubesNetVm, self).__init__(installed_by_rpm=True, **kwargs) super(QubesNetVm, self).__init__(installed_by_rpm=True, **kwargs)
@ -913,6 +915,42 @@ class QubesNetVm(QubesServiceVm):
assert hi >= 0 and hi <= 254 and lo >= 2 and lo <= 254, "Wrong IP address for VM" assert hi >= 0 and hi <= 254 and lo >= 2 and lo <= 254, "Wrong IP address for VM"
return self.netprefix + "{0}.{1}".format(hi,lo) return self.netprefix + "{0}.{1}".format(hi,lo)
def create_xenstore_entries(self, xid):
if dry_run:
return
super(QubesNetVm, self).create_xenstore_entries(xid)
retcode = subprocess.check_call ([
"/usr/bin/xenstore-write",
"/local/domain/{0}/qubes_netvm_external_ip".format(xid),
""])
self.update_external_ip_permissions()
def update_external_ip_permissions(self):
xid = self.get_xid()
command = [
"/usr/bin/xenstore-chmod",
"/local/domain/{0}/qubes_netvm_external_ip".format(xid)
]
command.append("r{0}".format(xid,xid))
command.append("w{0}".format(xid,xid))
for id in self.__external_ip_allowed_xids:
command.append("r{0}".format(id))
return subprocess.check_call(command)
def add_external_ip_permission(self, xid):
if int(xid) < 0:
return
self.__external_ip_allowed_xids.add(int(xid))
self.update_external_ip_permissions()
def remove_external_ip_permission(self, xid):
self.__external_ip_allowed_xids.discard(int(xid))
self.update_external_ip_permissions()
def create_xml_element(self): def create_xml_element(self):
element = xml.etree.ElementTree.Element( element = xml.etree.ElementTree.Element(
"QubesNetVm", "QubesNetVm",
@ -934,11 +972,18 @@ class QubesFirewallVm(QubesNetVm):
def __init__(self, **kwargs): def __init__(self, **kwargs):
super(QubesFirewallVm, self).__init__(uses_default_netvm=False, **kwargs) super(QubesFirewallVm, self).__init__(uses_default_netvm=False, **kwargs)
self.rules_applied = None self.rules_applied = None
self.netvm_vm.add_external_ip_permission(self.get_xid())
@property @property
def type(self): def type(self):
return "FirewallVM" return "FirewallVM"
def force_shutdown(self):
if dry_run:
return
self.netvm_vm.remove_external_ip_permission(self.get_xid())
super(QubesFirewallVm, self).force_shutdown()
def create_xenstore_entries(self, xid): def create_xenstore_entries(self, xid):
if dry_run: if dry_run:
return return
@ -951,7 +996,7 @@ class QubesFirewallVm(QubesNetVm):
retcode = subprocess.check_call ([ retcode = subprocess.check_call ([
"/usr/bin/xenstore-chmod", "/usr/bin/xenstore-chmod",
"/local/domain/{0}/qubes_iptables_error".format(xid), "/local/domain/{0}/qubes_iptables_error".format(xid),
"n0", "r{0}".format(xid), "w{0}".format(xid)]) "r{0}".format(xid), "w{0}".format(xid)])
self.write_iptables_xenstore_entry() self.write_iptables_xenstore_entry()
def write_iptables_xenstore_entry(self): def write_iptables_xenstore_entry(self):