Implemented firewall_conf storage

This commit is contained in:
Tomasz Sterna 2011-02-21 18:13:27 +01:00
parent 8ca63ba176
commit a450e51126

View File

@ -65,6 +65,7 @@ default_appvms_conf_file = "appvm-template.conf"
default_templatevm_conf_template = "templatevm.conf" # needed for TemplateVM cloning default_templatevm_conf_template = "templatevm.conf" # needed for TemplateVM cloning
default_appmenus_templates_subdir = "apps.templates" default_appmenus_templates_subdir = "apps.templates"
default_kernels_subdir = "kernels" default_kernels_subdir = "kernels"
default_firewall_conf_file = "firewall.xml"
# do not allow to start a new AppVM if Dom0 mem was to be less than this # do not allow to start a new AppVM if Dom0 mem was to be less than this
dom0_min_memory = 700*1024*1024 dom0_min_memory = 700*1024*1024
@ -529,7 +530,7 @@ class QubesVm(object):
print "--> Setting Xen Store info for the VM..." print "--> Setting Xen Store info for the VM..."
self.create_xenstore_entries(xid) self.create_xenstore_entries(xid)
if not self.is_netvm() and self.netvm_vm is not None: if (not self.is_netvm() or self.is_fwvm()) and self.netvm_vm is not None:
assert self.netvm_vm is not None assert self.netvm_vm is not None
if verbose: if verbose:
print "--> Attaching to the network backend (netvm={0})...".format(self.netvm_vm.name) print "--> Attaching to the network backend (netvm={0})...".format(self.netvm_vm.name)
@ -927,6 +928,20 @@ class QubesFirewallVm(QubesNetVm):
def type(self): def type(self):
return "FirewallVM" return "FirewallVM"
def create_xenstore_entries(self, xid):
if dry_run:
return
super(QubesFirewallVm, self).create_xenstore_entries(xid)
self.write_iptables_xenstore_entry()
def write_iptables_xenstore_entry(self):
iptables = ""
retcode = subprocess.check_call ([
"/usr/bin/xenstore-write",
"/local/domain/{0}/qubes_iptables".format(self.get_xid()),
iptables])
def create_xml_element(self): def create_xml_element(self):
element = xml.etree.ElementTree.Element( element = xml.etree.ElementTree.Element(
"QubesFirewallVm", "QubesFirewallVm",
@ -1091,6 +1106,11 @@ class QubesAppVm(QubesVm):
self.rootcow_img = dir_path + "/" + default_rootcow_img self.rootcow_img = dir_path + "/" + default_rootcow_img
self.swapcow_img = dir_path + "/" + default_swapcow_img self.swapcow_img = dir_path + "/" + default_swapcow_img
if "firewall_conf" not in kwargs or kwargs["firewall_conf"] is None:
kwargs["firewall_conf"] = dir_path + "/" + default_firewall_conf_file
self.firewall_conf = kwargs["firewall_conf"]
@property @property
def type(self): def type(self):
@ -1163,6 +1183,26 @@ class QubesAppVm(QubesVm):
def create_appmenus(self, verbose): def create_appmenus(self, verbose):
subprocess.check_call ([qubes_appmenu_create_cmd, self.template_vm.appmenus_templates_dir, self.name]) subprocess.check_call ([qubes_appmenu_create_cmd, self.template_vm.appmenus_templates_dir, self.name])
def write_firewall_conf(self, xml):
f = open(self.firewall_conf, 'a') # create the file if not exist
f.close()
with open(self.firewall_conf, 'w') as f:
fcntl.lockf(f, fcntl.LOCK_EX)
xml.write(f, "UTF-8")
fcntl.lockf(f, fcntl.LOCK_UN)
f.close()
def get_firewall_conf(self):
try:
tree = xml.etree.ElementTree.parse(self.firewall_conf)
except (EnvironmentError,
xml.parsers.expat.ExpatError) as err:
print("{0}: load error: {1}".format(
os.path.basename(sys.argv[0]), err))
return None
return tree.getroot()
def get_disk_utilization_root_img(self): def get_disk_utilization_root_img(self):
return 0 return 0
@ -1524,7 +1564,7 @@ class QubesVmCollection(dict):
self.qubes_store_file.truncate() self.qubes_store_file.truncate()
tree.write(self.qubes_store_file, "UTF-8") tree.write(self.qubes_store_file, "UTF-8")
except EnvironmentError as err: except EnvironmentError as err:
print("{0}: import error: {1}".format( print("{0}: export error: {1}".format(
os.path.basename(sys.argv[0]), err)) os.path.basename(sys.argv[0]), err))
return False return False
return True return True