dom0+vm: expose block devices info in xenstore (#226)

common/block_add_change

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+NAME=${DEVNAME#/dev/}
+DESC="${ID_MODEL} (${ID_FS_LABEL})"
+SIZE=$(cat /sys/$DEVPATH/size)
+MODE=w
+XS_KEY="qubes-block-devices/$NAME"
+
+# Ignore mounted...
+if fgrep -q $DEVNAME /proc/mounts; then
+    xenstore-rm "$XS_KEY"
+    exit 0
+fi
+# ... and used by device-mapper
+if [ -n "`ls -A /sys/$DEVPATH/holders 2> /dev/null`" ]; then
+    xenstore-rm "$XS_KEY"
+    exit 0
+fi
+
+# Special case for CD
+if [ "$ID_TYPE" = "cd" ]; then
+    if [ "$ID_MEDIA_CDROM" != "1" ]; then
+        # Hide empty cdrom drive
+        xenstore-rm "$XS_KEY"
+        exit 0
+    fi
+    MODE=r
+fi
+xenstore-write "$XS_KEY/desc" "$DESC" "$XS_KEY/size" "$SIZE" "$XS_KEY/mode" "$MODE"

common/block_remove

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+NAME=${DEVNAME#/dev/}
+XS_KEY="qubes-block-devices/$NAME"
+xenstore-rm "$XS_KEY"

common/qubes_block.rules

@@ -0,0 +1,19 @@
+# Expose all (except xen-frontend) block devices via xenstore
+
+# Only block devices are interesting
+SUBSYSTEM!="block", GOTO="qubes_block_end"
+
+# Skip xen-blkfront devices
+ENV{MAJOR}=="202", GOTO="qubes_block_end"
+
+# Skip loop devices
+ENV{MAJOR}=="7", GOTO="qubes_block_end"
+
+# Skip device-mapper devices
+ENV{MAJOR}=="253", GOTO="qubes_block_end"
+
+ACTION=="add", RUN+="/usr/lib/qubes/block_add_change"
+ACTION=="change", RUN+="/usr/lib/qubes/block_add_change"
+ACTION=="remove", RUN+="/usr/lib/qubes/block_remove"
+
+LABEL="qubes_block_end"

dom0/qvm-core/qubes.py

@@ -658,11 +658,17 @@ class QubesVm(object):
                     "{0}/qubes_secondary_dns".format(domain_path),
                     self.netvm_vm.secondary_dns)
 
+        xs.write('',
+                "{0}/qubes-block-devices".format(domain_path),
+                '')
+
         # Fix permissions
         xs.set_permissions('', '{0}/device'.format(domain_path),
                 [{ 'dom': xid }])
         xs.set_permissions('', '{0}/memory'.format(domain_path),
                 [{ 'dom': xid }])
+        xs.set_permissions('', '{0}/qubes-block-devices'.format(domain_path),
+                [{ 'dom': xid }])
 
     def get_rootdev(self, source_template=None):
         if self.template_vm:

rpm_spec/core-commonvm.spec

@@ -78,9 +78,12 @@ cp serial.conf $RPM_BUILD_ROOT/var/lib/qubes/
 mkdir -p $RPM_BUILD_ROOT/etc/udev/rules.d
 cp qubes_network.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes_network.rules
 cp qubes_memory.rules $RPM_BUILD_ROOT/etc/udev/rules.d/50-qubes_memory.rules
+cp qubes_block.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes_block.rules
 mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes/
 cp setup_ip $RPM_BUILD_ROOT/usr/lib/qubes/
 cp qubes_download_dom0_updates.sh $RPM_BUILD_ROOT/usr/lib/qubes/
+cp block_add_change $RPM_BUILD_ROOT/usr/lib/qubes/
+cp block_remove $RPM_BUILD_ROOT/usr/lib/qubes/
 mkdir -p $RPM_BUILD_ROOT/etc/yum/post-actions
 cp qubes_trigger_sync_appmenus.action $RPM_BUILD_ROOT/etc/yum/post-actions/
 mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
@@ -243,9 +246,12 @@ rm -rf $RPM_BUILD_ROOT
 /usr/bin/xenstore-watch-qubes
 /etc/udev/rules.d/99-qubes_network.rules
 /etc/udev/rules.d/50-qubes_memory.rules
+/etc/udev/rules.d/99-qubes_block.rules
 /etc/sysconfig/modules/qubes_core.modules
 /usr/lib/qubes/setup_ip
 /etc/yum/post-actions/qubes_trigger_sync_appmenus.action
 /usr/lib/qubes/qubes_trigger_sync_appmenus.sh
 /usr/lib/qubes/qubes_download_dom0_updates.sh
+/usr/lib/qubes/block_add_change
+/usr/lib/qubes/block_remove
 /lib/firmware/updates

rpm_spec/core-dom0.spec

@@ -74,6 +74,9 @@ cp ../common/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts
 cp ../common/block-snapshot $RPM_BUILD_ROOT/etc/xen/scripts
 ln -s block-snapshot $RPM_BUILD_ROOT/etc/xen/scripts/block-origin
 
+mkdir -p $RPM_BUILD_ROOT/etc/udev/rules.d
+cp ../common/qubes_block.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes_block.rules
+
 mkdir -p $RPM_BUILD_ROOT%{python_sitearch}/qubes
 cp qvm-core/qubes.py $RPM_BUILD_ROOT%{python_sitearch}/qubes
 cp qvm-core/qubes.py[co] $RPM_BUILD_ROOT%{python_sitearch}/qubes
@@ -99,6 +102,8 @@ cp ../qrexec/qrexec_policy $RPM_BUILD_ROOT/usr/lib/qubes/
 cp aux-tools/qfile-dom0-unpacker $RPM_BUILD_ROOT/usr/lib/qubes/
 cp aux-tools/qubes-receive-updates $RPM_BUILD_ROOT/usr/lib/qubes/
 cp aux-tools/keep-dom0-clock-synced $RPM_BUILD_ROOT/usr/lib/qubes/
+cp ../common/block_add_change $RPM_BUILD_ROOT/usr/lib/qubes/
+cp ../common/block_remove $RPM_BUILD_ROOT/usr/lib/qubes/
 
 mkdir -p $RPM_BUILD_ROOT/etc/qubes_rpc/policy
 cp ../appvm/qubes.Filecopy.policy $RPM_BUILD_ROOT/etc/qubes_rpc/policy/qubes.Filecopy
@@ -305,6 +310,8 @@ fi
 /usr/lib/qubes/meminfo-writer
 /usr/lib/qubes/qfile-daemon-dvm*
 /usr/lib/qubes/qubes-receive-updates
+/usr/lib/qubes/block_add_change
+/usr/lib/qubes/block_remove
 %attr(4750,root,qubes) /usr/lib/qubes/qfile-dom0-unpacker
 /usr/lib/qubes/keep-dom0-clock-synced
 %attr(770,root,qubes) %dir /var/lib/qubes
@@ -358,6 +365,7 @@ fi
 /etc/sudoers.d/qubes
 /etc/xdg/autostart/qubes-guid.desktop
 /etc/security/limits.d/99-qubes.conf
+/etc/udev/rules.d/99-qubes_block.rules
 /etc/dracut.conf.d/*
 %dir /usr/share/dracut/modules.d/90qubes-pciback
 /usr/share/dracut/modules.d/90qubes-pciback/*