diff --git a/common/block_add_change b/common/block_add_change
new file mode 100755
index 00000000..f2f3a48f
--- /dev/null
+++ b/common/block_add_change
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+NAME=${DEVNAME#/dev/}
+DESC="${ID_MODEL} (${ID_FS_LABEL})"
+SIZE=$(cat /sys/$DEVPATH/size)
+MODE=w
+XS_KEY="qubes-block-devices/$NAME"
+
+# Ignore mounted...
+if fgrep -q $DEVNAME /proc/mounts; then
+ xenstore-rm "$XS_KEY"
+ exit 0
+fi
+# ... and used by device-mapper
+if [ -n "`ls -A /sys/$DEVPATH/holders 2> /dev/null`" ]; then
+ xenstore-rm "$XS_KEY"
+ exit 0
+fi
+
+# Special case for CD
+if [ "$ID_TYPE" = "cd" ]; then
+ if [ "$ID_MEDIA_CDROM" != "1" ]; then
+ # Hide empty cdrom drive
+ xenstore-rm "$XS_KEY"
+ exit 0
+ fi
+ MODE=r
+fi
+xenstore-write "$XS_KEY/desc" "$DESC" "$XS_KEY/size" "$SIZE" "$XS_KEY/mode" "$MODE"
diff --git a/common/block_remove b/common/block_remove
new file mode 100755
index 00000000..4825dead
--- /dev/null
+++ b/common/block_remove
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+NAME=${DEVNAME#/dev/}
+XS_KEY="qubes-block-devices/$NAME"
+xenstore-rm "$XS_KEY"
diff --git a/common/qubes_block.rules b/common/qubes_block.rules
new file mode 100644
index 00000000..644834fa
--- /dev/null
+++ b/common/qubes_block.rules
@@ -0,0 +1,19 @@
+# Expose all (except xen-frontend) block devices via xenstore
+
+# Only block devices are interesting
+SUBSYSTEM!="block", GOTO="qubes_block_end"
+
+# Skip xen-blkfront devices
+ENV{MAJOR}=="202", GOTO="qubes_block_end"
+
+# Skip loop devices
+ENV{MAJOR}=="7", GOTO="qubes_block_end"
+
+# Skip device-mapper devices
+ENV{MAJOR}=="253", GOTO="qubes_block_end"
+
+ACTION=="add", RUN+="/usr/lib/qubes/block_add_change"
+ACTION=="change", RUN+="/usr/lib/qubes/block_add_change"
+ACTION=="remove", RUN+="/usr/lib/qubes/block_remove"
+
+LABEL="qubes_block_end"
diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py
index fbb0ec1f..62760803 100755
--- a/dom0/qvm-core/qubes.py
+++ b/dom0/qvm-core/qubes.py
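Review bot: In common/block_add_change the mounted-device guard `fgrep -q $DEVNAME /proc/mounts` depends on unquoted substring matching, and the comment does not say which matches are intended. The substring match is what hides `/dev/sda` while `/dev/sda1` is mounted, but it also hides `/dev/sdb1` when only `/dev/sdb10` is mounted, and a device mounted under a different name would not match at all. I would quote the variable, `fgrep -q -- "$DEVNAME" /proc/mounts`, and extend the comment to state that hiding a parent disk with a mounted partition is deliberate, if it is. Separately, `DESC` is built from `ID_MODEL` and `ID_FS_LABEL`, which originate from the attached device, and is written to xenstore unchanged; a comment such as `# desc is device-supplied text; readers must treat it as untrusted` would make that explicit.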
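Review bot: In common/qubes_block.rules, `ENV{MAJOR}=="253"` assumes device-mapper always has major 253, but the kernel normally assigns that major dynamically, so it can differ between systems. Where it differs, device-mapper nodes would reach `block_add_change` and be published, while an unrelated driver that received 253 would be skipped. Matching on the kernel name is stable: `KERNEL=="dm-*", GOTO="qubes_block_end"`. The loop rule could use `KERNEL=="loop*"` the same way for consistency.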
@@ -658,11 +658,17 @@ class QubesVm(object): "{0}/qubes_secondary_dns".format(domain_path), self.netvm_vm.secondary_dns) + xs.write('', + "{0}/qubes-block-devices".format(domain_path), + '') + # Fix permissions xs.set_permissions('', '{0}/device'.format(domain_path), [{ 'dom': xid }]) xs.set_permissions('', '{0}/memory'.format(domain_path), [{ 'dom': xid }]) + xs.set_permissions('', '{0}/qubes-block-devices'.format(domain_path), + [{ 'dom': xid }]) def get_rootdev(self, source_template=None): if self.template_vm: diff --git a/rpm_spec/core-commonvm.spec b/rpm_spec/core-commonvm.spec index 634d1b9f..fdf2bb3e 100644 --- a/rpm_spec/core-commonvm.spec +++ b/rpm_spec/core-commonvm.spec @@ -78,9 +78,12 @@ cp serial.conf $RPM_BUILD_ROOT/var/lib/qubes/ mkdir -p $RPM_BUILD_ROOT/etc/udev/rules.d cp qubes_network.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes_network.rules cp qubes_memory.rules $RPM_BUILD_ROOT/etc/udev/rules.d/50-qubes_memory.rules +cp qubes_block.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes_block.rules mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes/ cp setup_ip $RPM_BUILD_ROOT/usr/lib/qubes/ cp qubes_download_dom0_updates.sh $RPM_BUILD_ROOT/usr/lib/qubes/ +cp block_add_change $RPM_BUILD_ROOT/usr/lib/qubes/ +cp block_remove $RPM_BUILD_ROOT/usr/lib/qubes/ mkdir -p $RPM_BUILD_ROOT/etc/yum/post-actions cp qubes_trigger_sync_appmenus.action $RPM_BUILD_ROOT/etc/yum/post-actions/ mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes @@ -243,9 +246,12 @@ rm -rf $RPM_BUILD_ROOT /usr/bin/xenstore-watch-qubes /etc/udev/rules.d/99-qubes_network.rules /etc/udev/rules.d/50-qubes_memory.rules +/etc/udev/rules.d/99-qubes_block.rules /etc/sysconfig/modules/qubes_core.modules /usr/lib/qubes/setup_ip /etc/yum/post-actions/qubes_trigger_sync_appmenus.action /usr/lib/qubes/qubes_trigger_sync_appmenus.sh /usr/lib/qubes/qubes_download_dom0_updates.sh +/usr/lib/qubes/block_add_change +/usr/lib/qubes/block_remove /lib/firmware/updates 
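Review bot: The added `xs.set_permissions('', '{0}/qubes-block-devices'.format(domain_path), [{ 'dom': xid }])` hands this subtree to the guest, so every key name and value beneath it (`desc`, `size`, `mode`) becomes guest-controlled input to whatever dom0 code later reads it. That trust boundary deserves a comment at the `xs.write` call, for example `# VM-writable subtree: dom0 readers must validate device names, desc, size and mode`. The reader is not part of this diff; it should presumably bound lengths, restrict the character set and check that `size` is numeric before displaying or acting on these values. The enclosing method starts above the hunk, so I cannot see whether other guest-writable paths are documented the same way.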
diff --git a/rpm_spec/core-dom0.spec b/rpm_spec/core-dom0.spec index 70d08171..309a1a80 100644 --- a/rpm_spec/core-dom0.spec +++ b/rpm_spec/core-dom0.spec @@ -74,6 +74,9 @@ cp ../common/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts cp ../common/block-snapshot $RPM_BUILD_ROOT/etc/xen/scripts ln -s block-snapshot $RPM_BUILD_ROOT/etc/xen/scripts/block-origin +mkdir -p $RPM_BUILD_ROOT/etc/udev/rules.d +cp ../common/qubes_block.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes_block.rules + mkdir -p $RPM_BUILD_ROOT%{python_sitearch}/qubes cp qvm-core/qubes.py $RPM_BUILD_ROOT%{python_sitearch}/qubes cp qvm-core/qubes.py[co] $RPM_BUILD_ROOT%{python_sitearch}/qubes @@ -99,6 +102,8 @@ cp ../qrexec/qrexec_policy $RPM_BUILD_ROOT/usr/lib/qubes/ cp aux-tools/qfile-dom0-unpacker $RPM_BUILD_ROOT/usr/lib/qubes/ cp aux-tools/qubes-receive-updates $RPM_BUILD_ROOT/usr/lib/qubes/ cp aux-tools/keep-dom0-clock-synced $RPM_BUILD_ROOT/usr/lib/qubes/ +cp ../common/block_add_change $RPM_BUILD_ROOT/usr/lib/qubes/ +cp ../common/block_remove $RPM_BUILD_ROOT/usr/lib/qubes/ mkdir -p $RPM_BUILD_ROOT/etc/qubes_rpc/policy cp ../appvm/qubes.Filecopy.policy $RPM_BUILD_ROOT/etc/qubes_rpc/policy/qubes.Filecopy @@ -305,6 +310,8 @@ fi /usr/lib/qubes/meminfo-writer /usr/lib/qubes/qfile-daemon-dvm* /usr/lib/qubes/qubes-receive-updates +/usr/lib/qubes/block_add_change +/usr/lib/qubes/block_remove %attr(4750,root,qubes) /usr/lib/qubes/qfile-dom0-unpacker /usr/lib/qubes/keep-dom0-clock-synced %attr(770,root,qubes) %dir /var/lib/qubes @@ -358,6 +365,7 @@ fi /etc/sudoers.d/qubes /etc/xdg/autostart/qubes-guid.desktop /etc/security/limits.d/99-qubes.conf +/etc/udev/rules.d/99-qubes_block.rules /etc/dracut.conf.d/* %dir /usr/share/dracut/modules.d/90qubes-pciback /usr/share/dracut/modules.d/90qubes-pciback/*