From a4e11dedd95e66023b0b2c90e4d7a804ba4287a3 Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Mon, 31 Oct 2011 01:28:46 +0100
Subject: [PATCH] dom0/DispVM: inherit firewall from calling VM (#370)
---
 dom0/qvm-core/qubes.py | 3 ++-
 dom0/restore/qfile-daemon-dvm | 8 +++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py
index 950b124e..d0d18cf1 100755
--- a/dom0/qvm-core/qubes.py
+++ b/dom0/qvm-core/qubes.py
@@ -1748,6 +1748,7 @@ class QubesDisposableVm(QubesVm):
 attrs["dispid"] = str(self.dispid)
 attrs["template_qid"] = str(self.template_vm.qid)
 attrs["label"] = self.label.name
+ attrs["firewall_conf"] = self.firewall_conf
 return attrs
 def verify_files(self):
@@ -2389,7 +2390,7 @@ class QubesVmCollection(dict):
 kwargs = {}
 attr_list = ("qid", "name", "template_qid",
- "label", "dispid")
+ "label", "dispid", "firewall_conf" )
 for attribute in attr_list:
 kwargs[attribute] = element.get(attribute)
diff --git a/dom0/restore/qfile-daemon-dvm b/dom0/restore/qfile-daemon-dvm
index c03a6cba..984a816b 100755
--- a/dom0/restore/qfile-daemon-dvm
+++ b/dom0/restore/qfile-daemon-dvm
@@ -24,6 +24,7 @@ import dbus
 import subprocess
 import sys
 import fcntl
+import shutil
 from qubes.qubes import QubesVmCollection
 from qubes.qubes import QubesException
@@ -79,7 +80,12 @@ class QfileDaemonDvm:
 qvm_collection.unlock_db()
 return None
 dispid=int(disp_name[4:])
- qvm_collection.add_new_disposablevm(disp_name, vm_disptempl.template_vm, label=vm.label, dispid=dispid)
+ dispvm=qvm_collection.add_new_disposablevm(disp_name, vm_disptempl.template_vm, label=vm.label, dispid=dispid)
+ # By default inherit firewall rules from calling VM
+ if os.path.exists(vm.firewall_conf):
+ disp_firewall_conf = '/var/run/qubes/%s-firewall.xml' % disp_name
+ shutil.copy(vm.firewall_conf, disp_firewall_conf)
+ dispvm.firewall_conf = disp_firewall_conf
 qvm_collection.save()
 qvm_collection.unlock_db()
 # Reload firewall rules
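Review bot: A DisposableVm element written to qubes.xml before this change has no `firewall_conf` attribute, so in the `-2389` hunk `element.get(attribute)` yields `None` and the loop stores `kwargs["firewall_conf"] = None`. How the `QubesDisposableVm` constructor treats an explicit `None` is outside the hunk; if it only applies its default path when the keyword is absent, such a VM would be loaded with no firewall file at all. Dropping the key after the loop keeps the default, for example `if kwargs["firewall_conf"] is None:` followed by `del kwargs["firewall_conf"]`. The value written by the `-1748` hunk is a filesystem path that is read back verbatim, so a short comment there such as `# path to this DispVM's private copy of the caller's firewall rules` would help the next reader.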
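Review bot: `shutil.copy(vm.firewall_conf, disp_firewall_conf)` in the `-79` hunk is unguarded, so an I/O error, or the source file disappearing after the `os.path.exists` check, raises out of the method while the collection lock is still held and after the DispVM was added to the in-memory collection. The top of the hunk shows the existing failure path (`unlock_db()` then `return None`); the copy should take the same path so that a DispVM is never started without the caller's rules. Indentation is lost on this page, so the excerpt below assumes the copy and the `dispvm.firewall_conf` assignment both sit under the `if`; the method starts and ends outside the hunk. Nothing here removes `/var/run/qubes/<name>-firewall.xml` when the DispVM goes away, and the destination is overwritten at a predictable name, so it is worth confirming that the directory is writable only by trusted dom0 users.

```python
    disp_firewall_conf = '/var/run/qubes/%s-firewall.xml' % disp_name
    try:
        shutil.copy(vm.firewall_conf, disp_firewall_conf)
    except (IOError, OSError):
        # Refuse to create the DispVM without the caller's firewall rules.
        qvm_collection.unlock_db()
        return None
    dispvm.firewall_conf = disp_firewall_conf
# … unchanged: qvm_collection.save(), unlock_db(), firewall reload …
```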