Home Explore Help
Sign In
Qubes
/
core-admin
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Make DispVMs started from a DispVM to use the same DVM template by default

If a specific DVM template is used for given DispVM, make new DispVMs
called from it use the same DVM template (unless explicitly overridden).
This prevent various isolation bypass cases, like using a chain of
DispVMs to access network.
Marek Marczykowski-Górecki 5 years ago
parent
322306ec65
commit
8962452502
1 changed files with 6 additions and 0 deletions
Split View Show Diff Stats
  1. 6 0
      qubes/vm/dispvm.py

+ 6 - 0
qubes/vm/dispvm.py
View File 

@@ -45,6 +45,12 @@ class DispVM(qubes.vm.qubesvm.QubesVM):
 
         default=(lambda self: not self.auto_cleanup),
 
         doc='If this domain is to be included in default backup.')
 
 
+    default_dispvm = qubes.VMProperty('default_dispvm',
 
+        load_stage=4,
 
+        allow_none=True,
 
+        default=(lambda self: self.template),
 
+        doc='Default VM to be used as Disposable VM for service calls.')
 
+
 
     def __init__(self, app, xml, *args, **kwargs):
 
         self.volume_config = {
 
             'root': {