From 7d1bcaf64c4aea9ec6ee403c692ba21f3439e1f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sat, 1 Dec 2018 05:07:32 +0100 Subject: [PATCH] Introduce management_dispvm property MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The new property is meant for management stack (Salt) to set which DVM template should be used to maintain given VM. Since the DispVM based on it will be given ultimate control over target VM (qubes.VMShell service), it should be trusted. The one pointed to by default_dispvm not necessary is one. The property defaults to the value from the template (if any), and then to a global management_dispvm property. By default it is set to None. Signed-off-by: Marek Marczykowski-Górecki --- qubes/app.py | 4 ++++ qubes/tests/vm/qubesvm.py | 30 ++++++++++++++++++++++++++++++ qubes/vm/qubesvm.py | 7 +++++++ 3 files changed, 41 insertions(+) diff --git a/qubes/app.py b/qubes/app.py index 5e72159f..b942dff3 100644 --- a/qubes/app.py +++ b/qubes/app.py @@ -692,6 +692,10 @@ class Qubes(qubes.PropertyHolder): default=None, doc='Default DispVM base for service calls', allow_none=True) + management_dispvm = qubes.VMProperty('management_dispvm', load_stage=3, + default=None, + doc='Default DispVM base for managing VMs', allow_none=True) + default_pool = qubes.property('default_pool', load_stage=3, default=_default_pool, setter=_setter_pool, diff --git a/qubes/tests/vm/qubesvm.py b/qubes/tests/vm/qubesvm.py index 308fd782..40fdf9b5 100644 --- a/qubes/tests/vm/qubesvm.py +++ b/qubes/tests/vm/qubesvm.py @@ -498,6 +498,36 @@ class TC_90_QubesVM(QubesVMTestsMixin, qubes.tests.QubesTestCase): 'qubes-vm@{}.service'.format(vm.name)), "systemd service not disabled by resetting autostart") + def test_290_management_dispvm(self): + vm = self.get_vm() + vm2 = self.get_vm('test2', qid=2) + self.app.management_dispvm = None + self.assertPropertyDefaultValue(vm, 'management_dispvm', None) + self.app.management_dispvm = vm + try: + self.assertPropertyDefaultValue(vm, 'management_dispvm', vm) + self.assertPropertyValue(vm, 'management_dispvm', + 'test-inst-test2', vm2) + finally: + self.app.management_dispvm = None + + def test_291_management_dispvm_template_based(self): + tpl = self.get_vm(name='tpl', cls=qubes.vm.templatevm.TemplateVM) + vm = self.get_vm(cls=qubes.vm.appvm.AppVM, template=tpl, qid=2) + vm2 = self.get_vm('test2', qid=3) + del vm.volumes + self.app.management_dispvm = None + try: + self.assertPropertyDefaultValue(vm, 'management_dispvm', None) + self.app.management_dispvm = vm + self.assertPropertyDefaultValue(vm, 'management_dispvm', vm) + tpl.management_dispvm = vm2 + self.assertPropertyDefaultValue(vm, 'management_dispvm', vm2) + self.assertPropertyValue(vm, 'management_dispvm', + 'test-inst-test2', vm2) + finally: + self.app.management_dispvm = None + @unittest.skip('TODO') def test_320_seamless_gui_mode(self): vm = self.get_vm() diff --git a/qubes/vm/qubesvm.py b/qubes/vm/qubesvm.py index 3adfb243..f7729d1f 100644 --- a/qubes/vm/qubesvm.py +++ b/qubes/vm/qubesvm.py @@ -554,6 +554,13 @@ class QubesVM(qubes.vm.mix.net.NetVMMixin, qubes.vm.BaseVM): default=(lambda self: self.app.default_dispvm), doc='Default VM to be used as Disposable VM for service calls.') + management_dispvm = qubes.VMProperty('management_dispvm', + load_stage=4, + allow_none=True, + default=_default_with_template('management_dispvm', + (lambda self: self.app.management_dispvm)), + doc='Default DVM template for Disposable VM for managing this VM.') + updateable = qubes.property('updateable', default=(lambda self: not hasattr(self, 'template')), type=bool,