Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

dispvm: restore DispVM naming independent of Qubes VM ID (#983)

Browse Source 
Using QID for DispVM ID was a bad idea in terms of anonymity:
1. It gives some clue about VMs count in the system. In case of large
numbers, this can be quite unique.
2. If new DispVM is started just after closing previous one, it will get
the same ID, and in consequence the same IP. In case of using TorVM,
this leads to use the same circuit as just closed DispVM.

Fixes qubesos/qubes-issues#983
This commit is contained in:
Marek Marczykowski-Górecki 2015-05-04 00:41:33 +02:00
parent ef1494eb54
commit 602155374a
1 changed files with 33 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
core-modules/01QubesDisposableVm.py
View File

@ -30,6 +30,8 @@ from qubes.qubes import QubesVm,QubesVmLabel,register_qubes_vm_class, \
QubesException QubesException
from qubes.qubes import QubesDispVmLabels from qubes.qubes import QubesDispVmLabels
from qubes.qubes import dry_run,vmm from qubes.qubes import dry_run,vmm
import grp
qmemman_present = False qmemman_present = False
try: try:
from qubes.qmemman_client import QMemmanClient from qubes.qmemman_client import QMemmanClient
@ -37,6 +39,8 @@ try:
except ImportError: except ImportError:
pass pass
DISPID_STATE_FILE = '/var/run/qubes/dispid'
class QubesDisposableVm(QubesVm): class QubesDisposableVm(QubesVm):
""" """
A class that represents an DisposableVM. A child of QubesVm. A class that represents an DisposableVM. A child of QubesVm.
@ -45,14 +49,40 @@ class QubesDisposableVm(QubesVm):
# In which order load this VM type from qubes.xml # In which order load this VM type from qubes.xml
load_order = 120 load_order = 120
def _assign_new_dispid(self):
# This method in called while lock on qubes.xml is held, so no need for
# additional lock
if os.path.exists(DISPID_STATE_FILE):
f = open(DISPID_STATE_FILE, 'r+')
dispid = int(f.read())
f.seek(0)
f.truncate(0)
f.write(str(dispid+1))
f.close()
else:
dispid = 1
f = open(DISPID_STATE_FILE, 'w')
f.write(str(dispid+1))
f.close()
os.chown(DISPID_STATE_FILE, -1, grp.getgrnam('qubes').gr_gid)
os.chmod(DISPID_STATE_FILE, 0664)
return dispid
def get_attrs_config(self): def get_attrs_config(self):
attrs_config = super(QubesDisposableVm, self).get_attrs_config() attrs_config = super(QubesDisposableVm, self).get_attrs_config()
attrs_config['name']['eval'] = '"disp%d" % self._qid if value is None else value' attrs_config['name']['func'] = \
lambda x: "disp%d" % self.dispid if x is None else x
# New attributes # New attributes
attrs_config['dispid'] = { 'func': lambda x: self._qid if x is None else int(x), attrs_config['dispid'] = {
'save': lambda: str(self.dispid) } 'func': lambda x: (self._assign_new_dispid() if x is None
else int(x)),
'save': lambda: str(self.dispid),
# needs to be set before name
'order': 0
}
attrs_config['include_in_backups']['func'] = lambda x: False attrs_config['include_in_backups']['func'] = lambda x: False
attrs_config['disp_savefile'] = { attrs_config['disp_savefile'] = {
'default': '/var/run/qubes/current-savefile', 'default': '/var/run/qubes/current-savefile',