qrexec: manually autostart target rpc domain
option 2) from the previous commit comment
This commit is contained in:
parent
11c1cb0aa2
commit
65fe9e1b93
@ -3,6 +3,7 @@ import sys
|
|||||||
import os
|
import os
|
||||||
import os.path
|
import os.path
|
||||||
import subprocess
|
import subprocess
|
||||||
|
import xen.lowlevel.xl
|
||||||
|
|
||||||
POLICY_FILE_DIR="/etc/qubes_rpc/policy"
|
POLICY_FILE_DIR="/etc/qubes_rpc/policy"
|
||||||
QREXEC_CLIENT="/usr/lib/qubes/qrexec_client"
|
QREXEC_CLIENT="/usr/lib/qubes/qrexec_client"
|
||||||
@ -56,15 +57,33 @@ def find_policy(policy, domain, target):
|
|||||||
return iter
|
return iter
|
||||||
return get_default_policy()
|
return get_default_policy()
|
||||||
|
|
||||||
|
def is_domain_running(target):
|
||||||
|
xl_ctx = xen.lowlevel.xl.ctx()
|
||||||
|
domains = xl_ctx.list_domains()
|
||||||
|
for dominfo in domains:
|
||||||
|
domname = xl_ctx.domid_to_name(dominfo.domid)
|
||||||
|
if domname == target:
|
||||||
|
return True
|
||||||
|
return False
|
||||||
|
|
||||||
|
def spawn_target_if_necessary(target):
|
||||||
|
if not is_domain_running(target):
|
||||||
|
return
|
||||||
|
null=open("/dev/null", "r+")
|
||||||
|
subprocess.call("qvm-run -a -q " + target + " true", stdin=null, stdout=null)
|
||||||
|
null.close()
|
||||||
|
|
||||||
def do_execute(domain, target, user, exec_index, process_ident):
|
def do_execute(domain, target, user, exec_index, process_ident):
|
||||||
if target == "dom0":
|
if target == "dom0":
|
||||||
cmd="/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain
|
cmd="/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain
|
||||||
elif target == "dispvm":
|
elif target == "dispvm":
|
||||||
cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain + " " +user
|
cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain + " " +user
|
||||||
else:
|
else:
|
||||||
#fixme: qvm-run --pass_io is broken for non-running target domain
|
# see the previous commit why "qvm-run -a" is broken and dangerous
|
||||||
cmd= "qvm-run -uroot -q --pass_io "+target + " -u" + user
|
# also, dangling "xl" would keep stderr open and may prevent closing connection
|
||||||
cmd+=" '/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain + "'"
|
spawn_target_if_necessary(target)
|
||||||
|
cmd= QREXEC_CLIENT + " -d " + target + " " + user
|
||||||
|
cmd+=":/usr/lib/qubes/qubes_rpc_multiplexer "+ exec_index + " " + domain
|
||||||
os.execl(QREXEC_CLIENT, "qrexec_client", "-d", domain, "-l", cmd, "-c", process_ident)
|
os.execl(QREXEC_CLIENT, "qrexec_client", "-d", domain, "-l", cmd, "-c", process_ident)
|
||||||
|
|
||||||
def confirm_execution(domain, target, exec_index):
|
def confirm_execution(domain, target, exec_index):
|
||||||
|
Loading…
Reference in New Issue
Block a user