Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

dispvm: fix firewall propagation when the calling VM has no rules set

Browse Source 
Fixes QubesOS/qubes-issues#1608
This commit is contained in:
Marek Marczykowski-Górecki 2016-01-18 02:19:19 +01:00
parent ce75ba411f
commit 873706428e
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
dispvm/qfile-daemon-dvm
View File

@ -79,10 +79,13 @@ class QfileDaemonDvm:
label=label) label=label)
print >>sys.stderr, "time=%s, VM created" % (str(time.time())) print >>sys.stderr, "time=%s, VM created" % (str(time.time()))
# By default inherit firewall rules from calling VM # By default inherit firewall rules from calling VM
disp_firewall_conf = '/var/run/qubes/%s-firewall.xml' % dispvm.name
dispvm.firewall_conf = disp_firewall_conf
if os.path.exists(vm.firewall_conf): if os.path.exists(vm.firewall_conf):
disp_firewall_conf = '/var/run/qubes/%s-firewall.xml' % dispvm.name
shutil.copy(vm.firewall_conf, disp_firewall_conf) shutil.copy(vm.firewall_conf, disp_firewall_conf)
dispvm.firewall_conf = disp_firewall_conf elif vm.qid == 0 and os.path.exists(vm_disptempl.firewall_conf):
# for DispVM called from dom0, copy use rules from DispVM template
shutil.copy(vm_disptempl.firewall_conf, disp_firewall_conf)
if len(sys.argv) > 5 and len(sys.argv[5]) > 0: if len(sys.argv) > 5 and len(sys.argv[5]) > 0:
assert os.path.exists(sys.argv[5]), "Invalid firewall.conf location" assert os.path.exists(sys.argv[5]), "Invalid firewall.conf location"
dispvm.firewall_conf = sys.argv[5] dispvm.firewall_conf = sys.argv[5]