Fixed external_ip permissions setting and netvm_domid entry handling.
parent
a71b846ee2
commit
ae2d170a7e
@ -924,10 +924,14 @@ class QubesNetVm(QubesServiceVm):
|
|||||||
"/usr/bin/xenstore-write",
|
"/usr/bin/xenstore-write",
|
||||||
"/local/domain/{0}/qubes_netvm_external_ip".format(xid),
|
"/local/domain/{0}/qubes_netvm_external_ip".format(xid),
|
||||||
""])
|
""])
|
||||||
self.update_external_ip_permissions()
|
self.update_external_ip_permissions(xid)
|
||||||
|
|
||||||
def update_external_ip_permissions(self):
|
def update_external_ip_permissions(self, xid = -1):
|
||||||
|
if xid < 0:
|
||||||
xid = self.get_xid()
|
xid = self.get_xid()
|
||||||
|
if xid < 0:
|
||||||
|
return
|
||||||
|
|
||||||
command = [
|
command = [
|
||||||
"/usr/bin/xenstore-chmod",
|
"/usr/bin/xenstore-chmod",
|
||||||
"/local/domain/{0}/qubes_netvm_external_ip".format(xid)
|
"/local/domain/{0}/qubes_netvm_external_ip".format(xid)
|
||||||
@ -972,12 +976,19 @@ class QubesFirewallVm(QubesNetVm):
|
|||||||
def __init__(self, **kwargs):
|
def __init__(self, **kwargs):
|
||||||
super(QubesFirewallVm, self).__init__(uses_default_netvm=False, **kwargs)
|
super(QubesFirewallVm, self).__init__(uses_default_netvm=False, **kwargs)
|
||||||
self.rules_applied = None
|
self.rules_applied = None
|
||||||
self.netvm_vm.add_external_ip_permission(self.get_xid())
|
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def type(self):
|
def type(self):
|
||||||
return "FirewallVM"
|
return "FirewallVM"
|
||||||
|
|
||||||
|
def start(self, debug_console = False, verbose = False, preparing_dvm = False):
|
||||||
|
if dry_run:
|
||||||
|
return
|
||||||
|
retcode = super(QubesFirewallVm, self).start(debug_console=debug_console, verbose=verbose, preparing_dvm=preparing_dvm)
|
||||||
|
self.netvm_vm.add_external_ip_permission(self.get_xid())
|
||||||
|
self.write_netvm_domid_entry()
|
||||||
|
return retcode
|
||||||
|
|
||||||
def force_shutdown(self):
|
def force_shutdown(self):
|
||||||
if dry_run:
|
if dry_run:
|
||||||
return
|
return
|
||||||
@ -989,10 +1000,6 @@ class QubesFirewallVm(QubesNetVm):
|
|||||||
return
|
return
|
||||||
|
|
||||||
super(QubesFirewallVm, self).create_xenstore_entries(xid)
|
super(QubesFirewallVm, self).create_xenstore_entries(xid)
|
||||||
retcode = subprocess.check_call ([
|
|
||||||
"/usr/bin/xenstore-write",
|
|
||||||
"/local/domain/{0}/qubes_netvm_domid".format(xid),
|
|
||||||
"{0}".format(self.netvm_vm.get_xid())])
|
|
||||||
retcode = subprocess.check_call ([
|
retcode = subprocess.check_call ([
|
||||||
"/usr/bin/xenstore-write",
|
"/usr/bin/xenstore-write",
|
||||||
"/local/domain/{0}/qubes_iptables_error".format(xid),
|
"/local/domain/{0}/qubes_iptables_error".format(xid),
|
||||||
@ -1003,6 +1010,15 @@ class QubesFirewallVm(QubesNetVm):
|
|||||||
"r{0}".format(xid), "w{0}".format(xid)])
|
"r{0}".format(xid), "w{0}".format(xid)])
|
||||||
self.write_iptables_xenstore_entry()
|
self.write_iptables_xenstore_entry()
|
||||||
|
|
||||||
|
def write_netvm_domid_entry(self, xid = -1):
|
||||||
|
if xid < 0:
|
||||||
|
xid = self.get_xid()
|
||||||
|
|
||||||
|
return subprocess.check_call ([
|
||||||
|
"/usr/bin/xenstore-write", "--",
|
||||||
|
"/local/domain/{0}/qubes_netvm_domid".format(xid),
|
||||||
|
"{0}".format(self.netvm_vm.get_xid())])
|
||||||
|
|
||||||
def write_iptables_xenstore_entry(self):
|
def write_iptables_xenstore_entry(self):
|
||||||
iptables = "# Generated by Qubes Core on {0}\n".format(datetime.now().ctime())
|
iptables = "# Generated by Qubes Core on {0}\n".format(datetime.now().ctime())
|
||||||
iptables += "*filter\n"
|
iptables += "*filter\n"
|
||||||
@ -1071,6 +1087,8 @@ class QubesFirewallVm(QubesNetVm):
|
|||||||
|
|
||||||
iptables += "COMMIT"
|
iptables += "COMMIT"
|
||||||
|
|
||||||
|
self.write_netvm_domid_entry()
|
||||||
|
|
||||||
self.rules_applied = None
|
self.rules_applied = None
|
||||||
return subprocess.check_call ([
|
return subprocess.check_call ([
|
||||||
"/usr/bin/xenstore-write",
|
"/usr/bin/xenstore-write",
|
||||||
|
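Review bot: `write_netvm_domid_entry` (added in the `-1003,6 +1010,15` hunk) falls back to `self.get_xid()` when `xid < 0` but never re-checks the result, unlike `update_external_ip_permissions` in the first hunk, which returns early when the xid is still negative. If `get_xid()` can return a negative value for a VM that is not running, as the guard in the sibling method suggests, this writes `qubes_netvm_domid` under a `/local/domain/<negative>/` path, and the new unconditional call in `write_iptables_xenstore_entry` makes that reachable from every caller of that method. I would add `if xid < 0: return` after the fallback, and apply the same check to `self.netvm_vm.get_xid()` before writing it as the value, since the added `--` argument suggests a negative value is expected there. A short docstring saying that this key tells the firewall VM which domain is its NetVM, and when it is refreshed, would also help. `write_iptables_xenstore_entry` continues outside the visible hunks, so whether its callers already guarantee a running VM cannot be confirmed from here.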