Fixed external_ip permissions setting and netvm_domid entry handling.

Tomasz Sterna 2011-03-10 13:38:49 +01:00
parent a71b846ee2
commit ae2d170a7e


@ -924,10 +924,14 @@ class QubesNetVm(QubesServiceVm):
"/usr/bin/xenstore-write", "/usr/bin/xenstore-write",
"/local/domain/{0}/qubes_netvm_external_ip".format(xid), "/local/domain/{0}/qubes_netvm_external_ip".format(xid),
""]) ""])
self.update_external_ip_permissions() self.update_external_ip_permissions(xid)
def update_external_ip_permissions(self): def update_external_ip_permissions(self, xid = -1):
if xid < 0:
xid = self.get_xid() xid = self.get_xid()
if xid < 0:
return
command = [ command = [
"/usr/bin/xenstore-chmod", "/usr/bin/xenstore-chmod",
"/local/domain/{0}/qubes_netvm_external_ip".format(xid) "/local/domain/{0}/qubes_netvm_external_ip".format(xid)
@ -972,12 +976,19 @@ class QubesFirewallVm(QubesNetVm):
def __init__(self, **kwargs): def __init__(self, **kwargs):
super(QubesFirewallVm, self).__init__(uses_default_netvm=False, **kwargs) super(QubesFirewallVm, self).__init__(uses_default_netvm=False, **kwargs)
self.rules_applied = None self.rules_applied = None
self.netvm_vm.add_external_ip_permission(self.get_xid())
@property @property
def type(self): def type(self):
return "FirewallVM" return "FirewallVM"
def start(self, debug_console = False, verbose = False, preparing_dvm = False):
if dry_run:
return
retcode = super(QubesFirewallVm, self).start(debug_console=debug_console, verbose=verbose, preparing_dvm=preparing_dvm)
self.netvm_vm.add_external_ip_permission(self.get_xid())
self.write_netvm_domid_entry()
return retcode
def force_shutdown(self): def force_shutdown(self):
if dry_run: if dry_run:
return return
@ -989,10 +1000,6 @@ class QubesFirewallVm(QubesNetVm):
return return
super(QubesFirewallVm, self).create_xenstore_entries(xid) super(QubesFirewallVm, self).create_xenstore_entries(xid)
retcode = subprocess.check_call ([
"/usr/bin/xenstore-write",
"/local/domain/{0}/qubes_netvm_domid".format(xid),
"{0}".format(self.netvm_vm.get_xid())])
retcode = subprocess.check_call ([ retcode = subprocess.check_call ([
"/usr/bin/xenstore-write", "/usr/bin/xenstore-write",
"/local/domain/{0}/qubes_iptables_error".format(xid), "/local/domain/{0}/qubes_iptables_error".format(xid),
@ -1003,6 +1010,15 @@ class QubesFirewallVm(QubesNetVm):
"r{0}".format(xid), "w{0}".format(xid)]) "r{0}".format(xid), "w{0}".format(xid)])
self.write_iptables_xenstore_entry() self.write_iptables_xenstore_entry()
def write_netvm_domid_entry(self, xid = -1):
if xid < 0:
xid = self.get_xid()
return subprocess.check_call ([
"/usr/bin/xenstore-write", "--",
"/local/domain/{0}/qubes_netvm_domid".format(xid),
"{0}".format(self.netvm_vm.get_xid())])
def write_iptables_xenstore_entry(self): def write_iptables_xenstore_entry(self):
iptables = "# Generated by Qubes Core on {0}\n".format(datetime.now().ctime()) iptables = "# Generated by Qubes Core on {0}\n".format(datetime.now().ctime())
iptables += "*filter\n" iptables += "*filter\n"
@ -1071,6 +1087,8 @@ class QubesFirewallVm(QubesNetVm):
iptables += "COMMIT" iptables += "COMMIT"
self.write_netvm_domid_entry()
self.rules_applied = None self.rules_applied = None
return subprocess.check_call ([ return subprocess.check_call ([
"/usr/bin/xenstore-write", "/usr/bin/xenstore-write",
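Review bot: The new `write_netvm_domid_entry` falls back to `self.get_xid()` when no xid is passed but, unlike `update_external_ip_permissions` in the first hunk, never checks whether the result is still negative, so for a domain that is not running it would call xenstore-write on `/local/domain/-1/qubes_netvm_domid`. Adding the same guard after the fallback, `if xid < 0: return`, keeps the two helpers consistent and avoids writing under a path that belongs to no domain. The call added at the end of `write_iptables_xenstore_entry` also passes no xid, although that method is reached from `create_xenstore_entries(xid)`, which receives the xid explicitly. The first hunk suggests `get_xid()` may not be dependable at that point, so threading the xid through looks safer; this is inferred, since the body of `write_iptables_xenstore_entry` lies mostly outside the hunks. A short docstring on `write_netvm_domid_entry` saying that `"--"` is there so a negative netvm xid is not parsed as an option would also help the next reader.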