Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

qrexec: manually autostart target rpc domain

Browse Source 
option 2) from the previous commit comment
This commit is contained in:
Rafal Wojtczuk 2011-07-07 10:05:41 +02:00
parent 11c1cb0aa2
commit 65fe9e1b93
1 changed files with 22 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
qrexec/qrexec_policy
View File

@ -3,6 +3,7 @@ import sys
import os import os
import os.path import os.path
import subprocess import subprocess
import xen.lowlevel.xl
POLICY_FILE_DIR="/etc/qubes_rpc/policy" POLICY_FILE_DIR="/etc/qubes_rpc/policy"
QREXEC_CLIENT="/usr/lib/qubes/qrexec_client" QREXEC_CLIENT="/usr/lib/qubes/qrexec_client"
@ -56,15 +57,33 @@ def find_policy(policy, domain, target):
return iter return iter
return get_default_policy() return get_default_policy()
def is_domain_running(target):
xl_ctx = xen.lowlevel.xl.ctx()
domains = xl_ctx.list_domains()
for dominfo in domains:
domname = xl_ctx.domid_to_name(dominfo.domid)
if domname == target:
return True
return False
def spawn_target_if_necessary(target):
if not is_domain_running(target):
return
null=open("/dev/null", "r+")
subprocess.call("qvm-run -a -q " + target + " true", stdin=null, stdout=null)
null.close()
def do_execute(domain, target, user, exec_index, process_ident): def do_execute(domain, target, user, exec_index, process_ident):
if target == "dom0": if target == "dom0":
cmd="/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain cmd="/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain
elif target == "dispvm": elif target == "dispvm":
cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain + " " +user cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain + " " +user
else: else:
#fixme: qvm-run --pass_io is broken for non-running target domain # see the previous commit why "qvm-run -a" is broken and dangerous
cmd= "qvm-run -uroot -q --pass_io "+target + " -u" + user # also, dangling "xl" would keep stderr open and may prevent closing connection
cmd+=" '/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain + "'" spawn_target_if_necessary(target)
cmd= QREXEC_CLIENT + " -d " + target + " " + user
cmd+=":/usr/lib/qubes/qubes_rpc_multiplexer "+ exec_index + " " + domain
os.execl(QREXEC_CLIENT, "qrexec_client", "-d", domain, "-l", cmd, "-c", process_ident) os.execl(QREXEC_CLIENT, "qrexec_client", "-d", domain, "-l", cmd, "-c", process_ident)
def confirm_execution(domain, target, exec_index): def confirm_execution(domain, target, exec_index):