vm/mix/net: prevent setting provides_network=false if qube is still used

Add symmetric check to the one in 'netvm' property. Fixes QubesOS/qubes-issues#4552
2018-12-06 20:28:35 +01:00 · 2018-12-06 20:28:35 +01:00 · 7a6e4b284f
commit 7a6e4b284f
parent 9f6c97596d
2 changed files with 24 additions and 1 deletions
--- a/qubes/tests/vm/mix/net.py
+++ b/qubes/tests/vm/mix/net.py
@ -141,3 +141,16 @@ class TC_00_NetVMMixin(
        self.assertPropertyInvalidValue(vm, 'ip', 'zzzz')
        self.assertPropertyInvalidValue(vm, 'ip',
            '1:2:3:4:5:6:7:8:0:a:b:c:d:e:f:0')
+
+    def test_170_provides_network_netvm(self):
+        vm = self.get_vm()
+        vm2 = self.get_vm('test2', qid=3)
+        self.assertPropertyDefaultValue(vm, 'provides_network', False)
+        self.assertPropertyInvalidValue(vm2, 'netvm', vm)
+        self.assertPropertyValue(vm, 'provides_network', True, True, 'True')
+        self.assertPropertyValue(vm2, 'netvm', vm, vm, 'test-inst-test')
+        # used by other vm
+        self.assertPropertyInvalidValue(vm, 'provides_network', False)
+        self.assertPropertyValue(vm2, 'netvm', None, None, '')
+        self.assertPropertyValue(vm2, 'netvm', '', None, '')
+        self.assertPropertyValue(vm, 'provides_network', False, False, 'False')
--- a/qubes/vm/mix/net.py
+++ b/qubes/vm/mix/net.py
@ -80,6 +80,16 @@ def _setter_netvm(self, prop, value):
                'Loops in network are unsupported')
    return value

+def _setter_provides_network(self, prop, value):
+    value = qubes.property.bool(self, prop, value)
+    if not value:
+        if list(self.connected_vms):
+            raise qubes.exc.QubesValueError(
+                'The qube is still used by other qubes, change theirs '
+                '\'netvm\' first')
+
+    return value
+

 class NetVMMixin(qubes.events.Emitter):
    ''' Mixin containing network functionality '''
@ -105,7 +115,7 @@ class NetVMMixin(qubes.events.Emitter):
            NetVM.''')

    provides_network = qubes.property('provides_network', default=False,
-        type=bool, setter=qubes.property.bool,
+        type=bool, setter=_setter_provides_network,
        doc='''If this domain can act as network provider (formerly known as
            NetVM or ProxyVM)''')