dom0/DispVM: inherit firewall from calling VM (#370)

2011-10-31 01:28:46 +01:00 · 2011-10-31 01:28:46 +01:00 · a4e11dedd9
commit a4e11dedd9
parent d3c1a09ca9
2 changed files with 9 additions and 2 deletions
--- a/dom0/qvm-core/qubes.py
+++ b/dom0/qvm-core/qubes.py
@ -1748,6 +1748,7 @@ class QubesDisposableVm(QubesVm):
        attrs["dispid"] = str(self.dispid)
        attrs["template_qid"] = str(self.template_vm.qid)
        attrs["label"] = self.label.name
+        attrs["firewall_conf"] = self.firewall_conf
        return attrs

    def verify_files(self):
@ -2389,7 +2390,7 @@ class QubesVmCollection(dict):
                kwargs = {}
                attr_list = ("qid", "name",
                             "template_qid",
-                             "label", "dispid")
+                             "label", "dispid", "firewall_conf" )

                for attribute in attr_list:
                    kwargs[attribute] = element.get(attribute)
--- a/dom0/restore/qfile-daemon-dvm
+++ b/dom0/restore/qfile-daemon-dvm
@ -24,6 +24,7 @@ import dbus
 import subprocess
 import sys
 import fcntl
+import shutil

 from qubes.qubes import QubesVmCollection
 from qubes.qubes import QubesException
@ -79,7 +80,12 @@ class QfileDaemonDvm:
            qvm_collection.unlock_db()
            return None
        dispid=int(disp_name[4:])
-        qvm_collection.add_new_disposablevm(disp_name, vm_disptempl.template_vm, label=vm.label, dispid=dispid)
+        dispvm=qvm_collection.add_new_disposablevm(disp_name, vm_disptempl.template_vm, label=vm.label, dispid=dispid)
+        # By default inherit firewall rules from calling VM
+        if os.path.exists(vm.firewall_conf):
+            disp_firewall_conf = '/var/run/qubes/%s-firewall.xml' % disp_name
+            shutil.copy(vm.firewall_conf, disp_firewall_conf)
+            dispvm.firewall_conf = disp_firewall_conf
        qvm_collection.save()
        qvm_collection.unlock_db()
        # Reload firewall rules