ext/core_features: add handling 'qubes-firewall' feature request

A VM (template) can announce whether it supports enforcing firewall rules
or not.

Fixes QubesOS/qubes-issues#2003
Marek Marczykowski-Górecki 2017-07-30 18:34:43 +02:00
parent 71a1be30e7
commit 8a8674bb57
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724


@ -32,7 +32,7 @@ class CoreFeatures(qubes.ext.Extension):
return return
requested_features = {} requested_features = {}
for feature in ('qrexec', 'gui'): for feature in ('qrexec', 'gui', 'qubes-firewall'):
untrusted_value = untrusted_features.get(feature, None) untrusted_value = untrusted_features.get(feature, None)
if untrusted_value in ('1', '0'): if untrusted_value in ('1', '0'):
requested_features[feature] = bool(int(untrusted_value)) requested_features[feature] = bool(int(untrusted_value))
@ -50,6 +50,11 @@ class CoreFeatures(qubes.ext.Extension):
if feature in requested_features and feature not in vm.features: if feature in requested_features and feature not in vm.features:
vm.features[feature] = requested_features[feature] vm.features[feature] = requested_features[feature]
# those features can be freely enabled or disabled by template
for feature in ('qubes-firewall',):
if feature in requested_features:
vm.features[feature] = requested_features[feature]
if not qrexec_before and vm.features.get('qrexec', False): if not qrexec_before and vm.features.get('qrexec', False):
# if this is the first time qrexec was advertised, now can finish # if this is the first time qrexec was advertised, now can finish
# template setup # template setup
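Review bot: The loop added in the second hunk assigns `vm.features['qubes-firewall']` unconditionally, so a value already set on the VM (for example by the administrator) is overwritten by whatever the VM reports on each request. The `qrexec`/`gui` loop just above it only fills in features that are not yet present. Because the value is self-reported by the VM, code that reads this feature should treat it as a capability hint and not as evidence that rules are actually enforced. The comment could record that decision, e.g. `# self-reported by the VM and overrides any existing value; not proof that firewall rules are enforced`. The enclosing handler starts and ends outside the hunk, so whether it is reachable only for templates cannot be confirmed from the lines shown.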