dom0/DispVM: inherit firewall from calling VM (#370)

dom0/qvm-core/qubes.py

@@ -1748,6 +1748,7 @@ class QubesDisposableVm(QubesVm):
         attrs["dispid"] = str(self.dispid)
         attrs["template_qid"] = str(self.template_vm.qid)
         attrs["label"] = self.label.name
+        attrs["firewall_conf"] = self.firewall_conf
         return attrs
 
     def verify_files(self):
@@ -2389,7 +2390,7 @@ class QubesVmCollection(dict):
                 kwargs = {}
                 attr_list = ("qid", "name",
                              "template_qid",
-                             "label", "dispid")
+                             "label", "dispid", "firewall_conf" )
 
                 for attribute in attr_list:
                     kwargs[attribute] = element.get(attribute)

dom0/restore/qfile-daemon-dvm

@@ -24,6 +24,7 @@ import dbus
 import subprocess
 import sys
 import fcntl
+import shutil
 
 from qubes.qubes import QubesVmCollection
 from qubes.qubes import QubesException
@@ -79,7 +80,12 @@ class QfileDaemonDvm:
             qvm_collection.unlock_db()
             return None
         dispid=int(disp_name[4:])
-        qvm_collection.add_new_disposablevm(disp_name, vm_disptempl.template_vm, label=vm.label, dispid=dispid)
+        dispvm=qvm_collection.add_new_disposablevm(disp_name, vm_disptempl.template_vm, label=vm.label, dispid=dispid)
+        # By default inherit firewall rules from calling VM
+        if os.path.exists(vm.firewall_conf):
+            disp_firewall_conf = '/var/run/qubes/%s-firewall.xml' % disp_name
+            shutil.copy(vm.firewall_conf, disp_firewall_conf)
+            dispvm.firewall_conf = disp_firewall_conf
         qvm_collection.save()
         qvm_collection.unlock_db()
         # Reload firewall rules