qubes_netwatcher: add a note about NETCFG untrusted origin

Rafal Wojtczuk 2011-05-09 16:23:52 +02:00
parent 8733c0ef77
commit adad94cb09


@ -13,11 +13,12 @@ trap 'exit 0' SIGTERM
while true; do
NET_DOMID=$(/usr/bin/xenstore-read qubes_netvm_domid)
if [[ -n "$NET_DOMID" ]] && [[ $NET_DOMID -gt 0 ]]; then
NETCFG=$(/usr/bin/xenstore-read /local/domain/$NET_DOMID/qubes_netvm_external_ip)
if [[ "$NETCFG" != "$CURR_NETCFG" ]]; then
UNTRUSTED_NETCFG=$(/usr/bin/xenstore-read /local/domain/$NET_DOMID/qubes_netvm_external_ip)
# UNTRUSTED_NETCFG is not parsed in any way
if [[ "$UNTRUSTED_NETCFG" != "$CURR_NETCFG" ]]; then
/sbin/service qubes_firewall stop
/sbin/service qubes_firewall start
CURR_NETCFG="$NETCFG"
CURR_NETCFG="$UNTRUSTED_NETCFG"
/usr/bin/xenstore-write qubes_netvm_external_ip "$CURR_NETCFG"
fi