From 2aec07dd60b21756d82adb9e1f2c895d7c2e0622 Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Mon, 4 Apr 2011 19:08:40 +0200
Subject: [PATCH 1/5] Store VM collection connected to NetVM
---
 dom0/qvm-core/qubes.py | 20 ++++++++------------
 1 file changed, 8 insertions(+), 12 deletions(-)
diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py
index f82aab6a..69fcd216 100755
--- a/dom0/qvm-core/qubes.py
+++ b/dom0/qvm-core/qubes.py
@@ -203,6 +203,8 @@ class QubesVm(object):
 self.uses_default_netvm = uses_default_netvm
 self.netvm_vm = netvm_vm
+ if netvm_vm is not None:
+ netvm_vm.connected_vms[qid] = self
 # We use it in remove from disk to avoid removing rpm files (for templates)
 self.installed_by_rpm = installed_by_rpm
@@ -1242,6 +1244,7 @@ class QubesNetVm(QubesVm):
 if "vcpus" not in kwargs or kwargs["vcpus"] is None: kwargs["vcpus"] = default_servicevm_vcpus
 super(QubesNetVm, self).__init__(**kwargs)
+ self.connected_vms = QubesVmCollection()
 @property
 def type(self):
@@ -1383,17 +1386,8 @@ class QubesProxyVm(QubesNetVm):
 # Allow dom0 networking
 iptables += "-A FORWARD -i vif0.0 -j ACCEPT\n"
- qvm_collection = QubesVmCollection()
- qvm_collection.lock_db_for_reading()
- qvm_collection.load()
- qvm_collection.unlock_db()
-
- vms = [vm for vm in qvm_collection.values() if vm.has_firewall()]
+ vms = [vm for vm in self.connected_vms.values() if vm.has_firewall()]
 for vm in vms:
- # Process only VMs connected to this ProxyVM
- if not vm.netvm_vm or vm.netvm_vm.qid != self.qid:
- continue
-
 conf = vm.get_firewall_conf()
 xid = vm.get_xid()
@@ -1795,8 +1789,8 @@ class QubesVmCollection(dict):
 while len(new_vms) > 0:
 cur_vm = new_vms.pop()
- for vm in self.values():
- if vm.netvm_vm and vm.netvm_vm.qid == cur_vm and vm.qid not in dependend_vms_qid:
+ for vm in cur_vm.connected_vms.values():
+ if vm.qid not in dependend_vms_qid:
 dependend_vms_qid.append(vm.qid)
 if vm.is_netvm(): new_vms.append(vm.qid)
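Review bot: The `connected_vms` registry is only updated here in `QubesVm.__init__` and in the collection hunk at `@@ -1964` (`if netvm_vm: netvm_vm.connected_vms[vm.qid] = vm`), so any other code that reassigns `vm.netvm_vm` would leave the VM listed under its old NetVM and absent from the new one. That matters because the ProxyVM firewall hunk in this same patch now builds its rules from this registry alone. Consider routing every change through one helper or property setter that first does `old.connected_vms.pop(self.qid, None)` and then registers with the new NetVM, and use the same `is not None` test in both hunks. The code also assumes that whatever is passed as `netvm_vm` has a `connected_vms` attribute, which the visible lines only set in `QubesNetVm.__init__`. `__init__` starts and ends outside this hunk.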
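Review bot: With the `vm.netvm_vm.qid != self.qid` check and the locked reload removed at `@@ -1383`, the per-VM firewall rules written by this ProxyVM depend entirely on `self.connected_vms` being complete and current on this particular object. If the instance was not populated through a collection load, or the registry has gone stale, VMs would be silently skipped or wrongly included; what the remaining ruleset does for a skipped VM is not visible here. I would keep a cheap guard inside the loop, `if vm.netvm_vm is None or vm.netvm_vm.qid != self.qid: continue`, and add a comment such as `# connected_vms is filled when VMs are constructed/loaded; only VMs registered there get rules`. The enclosing method starts and ends outside the hunk.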
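Review bot: In the `@@ -1795` hunk `cur_vm` is a qid, not a VM object: the work list is fed by `new_vms.append(vm.qid)` and the removed line compared it with `vm.netvm_vm.qid`, so `cur_vm.connected_vms` should raise AttributeError the first time the loop body runs. Look the object up first, e.g. `for vm in self[cur_vm].connected_vms.values():`. The initial contents of `new_vms` are set outside the hunk, so confirm they are qids as well.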
@@ -1964,6 +1958,8 @@ class QubesVmCollection(dict):
 netvm_vm = self[netvm_qid]
 vm.netvm_vm = netvm_vm
+ if netvm_vm:
+ netvm_vm.connected_vms[vm.qid] = vm
 def load(self): self.clear()
From 1b0f1989999b82b1f69f8e1631096cdd020250b8 Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Mon, 4 Apr 2011 20:02:07 +0200
Subject: [PATCH 2/5] Don't pause AppVMs when connecting network to dom0
There is no point in this, because we have firewall in NetVM. If someone compromise NetVM to controll firewall, he could also reach dom0 by network.
---
 dom0/qvm-tools/qvm-dom0-network-via-netvm | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/dom0/qvm-tools/qvm-dom0-network-via-netvm b/dom0/qvm-tools/qvm-dom0-network-via-netvm
index 8e9c7012..e39bee07 100755
--- a/dom0/qvm-tools/qvm-dom0-network-via-netvm
+++ b/dom0/qvm-tools/qvm-dom0-network-via-netvm
@@ -54,9 +54,6 @@ def bringup_eth0(netvm):
 resolv_conf.close()
 return os.system('ifconfig eth0 10.137.0.1 netmask 255.255.255.255 && route add default dev eth0') == 0
-def unpause_all(netvm_name):
- os.system('qvm-run --exclude=' + netvm_name + ' --all --unpause')
-
 def netup():
 netvm = get_netvm()
 if os.path.isfile('/var/lock/subsys/NetworkManager'):
@@ -68,9 +65,7 @@ def netup():
 if os.system(cmd) != 0:
 print 'Error creating network device'
 sys.exit(1)
- os.system('qvm-run --exclude=' + netvm.name + ' --all --pause')
 if not bringup_eth0(netvm):
- unpause_all(netvm.name)
 sys.exit(1)
 def netdown():
@@ -79,7 +74,6 @@ def netdown():
 print 'There is no eth0 that is a Xen vif device, aborting.'
 sys.exit(1)
 os.system('ifconfig eth0 down')
- unpause_all(netvm.name)
 def usage(): print 'Usage: qvm-dom0-network-via-netvm [up|down]'
From 449bcb09aca33e1da0864cf1a573791754b0fbe6 Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Tue, 5 Apr 2011 00:12:32 +0200
Subject: [PATCH 3/5] Don't remove VM dir, when qvm-create failed
It can contain user data (copied here by hand)
---
 dom0/qvm-tools/qvm-create | 1 -
 1 file changed, 1 deletion(-)
diff --git a/dom0/qvm-tools/qvm-create b/dom0/qvm-tools/qvm-create
index b2d94a22..eaa86352 100755
--- a/dom0/qvm-tools/qvm-create
+++ b/dom0/qvm-tools/qvm-create
@@ -156,7 +156,6 @@ def main():
 except (IOError, OSError) as err:
 print "ERROR: {0}".format(err)
- vm.remove_from_disk()
 exit (1)
From c2498a33e232a15098c1015ac27dad57a231fd93 Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Tue, 5 Apr 2011 11:58:21 +0200
Subject: [PATCH 4/5] Uninstall appmenus only if present in VM dir (#192)
---
 dom0/aux-tools/remove_appvm_appmenus.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/dom0/aux-tools/remove_appvm_appmenus.sh b/dom0/aux-tools/remove_appvm_appmenus.sh
index b163f51b..748132e3 100755
--- a/dom0/aux-tools/remove_appvm_appmenus.sh
+++ b/dom0/aux-tools/remove_appvm_appmenus.sh
@@ -8,5 +8,7 @@ if [ $# != 1 ]; then exit
 fi
-xdg-desktop-menu uninstall $APPSDIR/*.directory $APPSDIR/*.desktop
+if ls $APPSDIR/*.directory $APPSDIR/*.desktop > /dev/null 2>&1; then
+ xdg-desktop-menu uninstall $APPSDIR/*.directory $APPSDIR/*.desktop
+fi
From ffaa518c5a2a792db2abee16a6e80f6995fcfb43 Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Tue, 5 Apr 2011 14:33:51 +0200
Subject: [PATCH 5/5] Fix checking if there is AppVMs based on template (#154)
---
 dom0/qvm-core/qubes.py | 2 +-
 dom0/qvm-tools/qvm-remove | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py
index 69fcd216..3698ed2d 100755
--- a/dom0/qvm-core/qubes.py
+++ b/dom0/qvm-core/qubes.py
@@ -1776,7 +1776,7 @@ class QubesVmCollection(dict):
 def get_vms_based_on(self, template_qid):
 vms = set([vm for vm in self.values()
- if (vm.is_appvm() and vm.template_vm.qid == template_qid)])
+ if (vm.template_vm and vm.template_vm.qid == template_qid)])
 return vms
 def get_vms_connected_to(self, netvm_qid):
diff --git a/dom0/qvm-tools/qvm-remove b/dom0/qvm-tools/qvm-remove
index 50beaf65..e29cb6bd 100755
--- a/dom0/qvm-tools/qvm-remove
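Review bot: The `ls` guard in remove_appvm_appmenus.sh exits non-zero whenever either glob has no match, so a directory holding only `*.desktop` files (or only `*.directory` files) skips the uninstall and leaves those menu entries registered for a VM that is being removed. `$APPSDIR` is also unquoted in both the test and the uninstall call, so a path containing spaces or glob characters is split or expanded by the shell. How `APPSDIR` is derived is outside the hunk, though the `$# != 1` check suggests it comes from the script argument. At minimum quote it in both places, `if ls "$APPSDIR"/*.directory "$APPSDIR"/*.desktop > /dev/null 2>&1; then` and `xdg-desktop-menu uninstall "$APPSDIR"/*.directory "$APPSDIR"/*.desktop`, and decide explicitly what should happen when only one kind of file is present.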
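Review bot: `get_vms_based_on` now returns every VM whose `template_vm` matches, not only AppVMs, but nothing documents the wider contract. The new test also relies on each object in the collection having a `template_vm` attribute (possibly `None`), which this hunk does not show. A one-line docstring such as `"""Return the set of VMs, of any type, whose template_vm has qid template_qid."""` would make this explicit. The qvm-remove message changed in the same commit still says "AppVMs".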
+++ b/dom0/qvm-tools/qvm-remove
@@ -48,7 +48,7 @@ def main():
 print "The following AppVMs use '{0}' as a template:".format(vmname)
 for vm in dependent_vms: print "{name:<12} (qid={qid})".format(qid=vm.qid, name=vm.name)
- print "Please remove those VMs first, or use the --force option."
+ print "Please remove those VMs first."
 exit (1)
 if qvm_collection.default_template_qid == vm.qid: qvm_collection.default_template_qid = None