From a97458ad0884149c468d89200eb4ce7a2b91fb72 Mon Sep 17 00:00:00 2001
From: Marek Marczykowski <marmarek@invisiblethingslab.com>
Date: Fri, 20 Jul 2012 22:54:53 +0200
Subject: [PATCH] dom0/core: do not reset firewall on clone_attrs

---
 dom0/qvm-core/qubes.py | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py
index 0e6ad49d..09b35d54 100755
--- a/dom0/qvm-core/qubes.py
+++ b/dom0/qvm-core/qubes.py
@@ -258,6 +258,8 @@ class QubesVm(object):
                 'self.template.appmenus_templates_dir if self.template is not None else None' },
             "config_file_template": { "eval": "config_template_pv" },
             "icon_path": { "eval": 'self.dir_path + "/icon.png" if self.dir_path is not None else None' },
+            # used to suppress side effects of clone_attrs
+            "_do_not_reset_firewall": { "eval": 'False' },
             "kernels_dir": { 'eval': 'qubes_kernels_base_dir + "/" + self.kernel if self.kernel is not None else ' + \
                 # for backward compatibility (or another rare case): kernel=None -> kernel in VM dir
                 'self.dir_path + "/" + default_kernels_subdir' },
@@ -396,12 +398,13 @@ class QubesVm(object):
                     self.netvm.post_vm_net_detach(self)
 
         if new_netvm is None:
-            # Set also firewall to block all traffic as discussed in #370
-            if os.path.exists(self.firewall_conf):
-                shutil.copy(self.firewall_conf, "%s/backup/%s-firewall-%s.xml"
-                        % (qubes_base_dir, self.name, time.strftime('%Y-%m-%d-%H:%M:%S')))
-            self.write_firewall_conf({'allow': False, 'allowDns': False,
-                    'allowIcmp': False, 'allowYumProxy': False, 'rules': []})
+            if not self._do_not_reset_firewall:
+                # Set also firewall to block all traffic as discussed in #370
+                if os.path.exists(self.firewall_conf):
+                    shutil.copy(self.firewall_conf, "%s/backup/%s-firewall-%s.xml"
+                            % (qubes_base_dir, self.name, time.strftime('%Y-%m-%d-%H:%M:%S')))
+                self.write_firewall_conf({'allow': False, 'allowDns': False,
+                        'allowIcmp': False, 'allowYumProxy': False, 'rules': []})
         else:
             new_netvm.connected_vms[self.qid]=self
 
@@ -1034,8 +1037,10 @@ class QubesVm(object):
             '_mac', 'pcidevs', 'include_in_backups']
 
     def clone_attrs(self, src_vm):
+        self._do_not_reset_firewall = True
         for prop in self.get_clone_attrs():
             setattr(self, prop, getattr(src_vm, prop))
+        self._do_not_reset_firewall = False
 
     def clone_disk_files(self, src_vm, verbose):
         if dry_run: