services: handle dom0 write permission errors

Frédéric Pierret (fepitre) 2020-02-18 11:18:01 +01:00
parent d0a8b49cc9
commit a7e7166f7a
No known key found for this signature in database
GPG Key ID: 484010B5CDC576E2


@ -29,6 +29,23 @@ class ServicesExtension(qubes.ext.Extension):
/qubes-service/ tree. /qubes-service/ tree.
""" """
@staticmethod
def add_dom0_services(vm, service):
try:
os.makedirs('/var/run/qubes-service/', exist_ok=True)
if not os.path.exists('/var/run/qubes-service/{}'.format(service)):
os.mknod('/var/run/qubes-service/{}'.format(service))
except PermissionError:
vm.log.warning("Cannot write to /var/run/qubes-service")
@staticmethod
def remove_dom0_services(vm, service):
try:
if os.path.exists('/var/run/qubes-service/{}'.format(service)):
os.remove('/var/run/qubes-service/{}'.format(service))
except PermissionError:
vm.log.warning("Cannot write to /var/run/qubes-service")
# pylint: disable=no-self-use # pylint: disable=no-self-use
@qubes.ext.handler('domain-qdb-create') @qubes.ext.handler('domain-qdb-create')
def on_domain_qdb_create(self, vm, event): def on_domain_qdb_create(self, vm, event):
@ -73,9 +90,8 @@ class ServicesExtension(qubes.ext.Extension):
vm.untrusted_qdb.write('/qubes-service/{}'.format(service), vm.untrusted_qdb.write('/qubes-service/{}'.format(service),
str(int(bool(value)))) str(int(bool(value))))
if vm.name == "dom0" and str(int(bool(value))) == "1" and not \ if vm.name == "dom0" and str(int(bool(value))) == "1":
os.path.exists('/var/run/qubes-service/{}'.format(service)): self.add_dom0_services(vm, service)
os.mknod('/var/run/qubes-service/{}'.format(service))
@qubes.ext.handler('domain-feature-delete:*') @qubes.ext.handler('domain-feature-delete:*')
def on_domain_feature_delete(self, vm, event, feature): def on_domain_feature_delete(self, vm, event, feature):
@ -91,9 +107,8 @@ class ServicesExtension(qubes.ext.Extension):
return return
vm.untrusted_qdb.rm('/qubes-service/{}'.format(service)) vm.untrusted_qdb.rm('/qubes-service/{}'.format(service))
if vm.name == "dom0" and os.path.exists( if vm.name == "dom0":
'/var/run/qubes-service/{}'.format(service)): self.remove_dom0_services(vm, service)
os.remove('/var/run/qubes-service/{}'.format(service))
@qubes.ext.handler('domain-load') @qubes.ext.handler('domain-load')
def on_domain_load(self, vm, event): def on_domain_load(self, vm, event):
@ -107,7 +122,6 @@ class ServicesExtension(qubes.ext.Extension):
del vm.features['service.meminfo-writer'] del vm.features['service.meminfo-writer']
if vm.name == "dom0": if vm.name == "dom0":
os.makedirs('/var/run/qubes-service/', exist_ok=True)
for feature, value in vm.features.items(): for feature, value in vm.features.items():
if not feature.startswith('service.'): if not feature.startswith('service.'):
continue continue
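Review bot: In the new `add_dom0_services` and `remove_dom0_services` helpers, `service` is formatted directly into a path under `/var/run/qubes-service/` and handed to `os.mknod` / `os.remove`, and nothing visible on this page checks that the name is a single path component. Unless the feature-name validation outside these hunks already rejects separators and dot entries, the helpers could create or delete a file outside that directory in dom0; a guard at the top of both, such as `if not service or os.path.basename(service) != service or service in ('.', '..'):` followed by a warning and `return`, would confine them. Separately, only `PermissionError` is caught and the `os.path.exists` test before `mknod`/`remove` is not atomic, so a `FileExistsError` or `FileNotFoundError` from a concurrent change still propagates out of the event handler; `except OSError as err:` with `vm.log.warning("Cannot update /var/run/qubes-service/%s: %s", service, err)` would cover both and make the log line actionable. The calling handlers (`on_domain_feature_set`-style code around the second and third hunks, and `on_domain_load`) begin and end outside the hunks, so their earlier validation could not be checked here.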