From b42e09e4bab990d591507fc637e12dcab5a1bc25 Mon Sep 17 00:00:00 2001
From: Marek Marczykowski <marmarek@invisiblethingslab.com>
Date: Wed, 11 Jul 2012 23:53:23 +0200
Subject: [PATCH] dom0/qvm-tools: Warn the user when running qvm-tool as root
 is not recommended (#612)

---
 dom0/qvm-tools/qvm-add-appvm     | 9 +++++++++
 dom0/qvm-tools/qvm-add-template  | 9 +++++++++
 dom0/qvm-tools/qvm-backup        | 9 +++++++++
 dom0/qvm-tools/qvm-block         | 9 +++++++++
 dom0/qvm-tools/qvm-clone         | 9 +++++++++
 dom0/qvm-tools/qvm-firewall      | 9 +++++++++
 dom0/qvm-tools/qvm-prefs         | 9 +++++++++
 dom0/qvm-tools/qvm-sync-appmenus | 9 +++++++++
 8 files changed, 72 insertions(+)

diff --git a/dom0/qvm-tools/qvm-add-appvm b/dom0/qvm-tools/qvm-add-appvm
index b0c6ed74..f30c1afd 100755
--- a/dom0/qvm-tools/qvm-add-appvm
+++ b/dom0/qvm-tools/qvm-add-appvm
@@ -37,6 +37,8 @@ def main():
     parser.add_option ("-c", "--conf", dest="conf_file",
                        help="Specify the Xen VM .conf file to use\
                        (relative to the template dir path)")
+    parser.add_option ("--force-root", action="store_true", dest="force_root", default=False,
+                       help="Force to run, even with root privileges")
 
     (options, args) = parser.parse_args ()
     if (len (args) != 2):
@@ -44,6 +46,13 @@ def main():
     vmname = args[0]
     templatename = args[1]
 
+    if os.geteuid() == 0:
+        if not options.force_root:
+            print >> sys.stderr, "*** Running this tool as root is strongly discouraged, this will lead you in permissions problems."
+            print >> sys.stderr, "Retry as unprivileged user."
+            print >> sys.stderr, "... or use --force-root to continue anyway."
+            exit(1)
+
     qvm_collection = QubesVmCollection()
     qvm_collection.lock_db_for_writing()
     qvm_collection.load()
diff --git a/dom0/qvm-tools/qvm-add-template b/dom0/qvm-tools/qvm-add-template
index 4aeb1730..c1fbe67d 100755
--- a/dom0/qvm-tools/qvm-add-template
+++ b/dom0/qvm-tools/qvm-add-template
@@ -38,6 +38,8 @@ def main():
 
     parser.add_option ("--rpm", action="store_true", dest="installed_by_rpm",
                        help="Template files have been installed by RPM", default=False)
+    parser.add_option ("--force-root", action="store_true", dest="force_root", default=False,
+                       help="Force to run, even with root privileges")
 
 
     (options, args) = parser.parse_args ()
@@ -45,6 +47,13 @@ def main():
         parser.error ("You must specify at least the TemplateVM name!")
     vmname = args[0]
 
+    if os.geteuid() == 0:
+        if not options.force_root and not options.installed_by_rpm:
+            print >> sys.stderr, "*** Running this tool as root is strongly discouraged, this will lead you in permissions problems."
+            print >> sys.stderr, "Retry as unprivileged user."
+            print >> sys.stderr, "... or use --force-root to continue anyway."
+            exit(1)
+
     qvm_collection = QubesVmCollection()
     qvm_collection.lock_db_for_writing()
     qvm_collection.load()
diff --git a/dom0/qvm-tools/qvm-backup b/dom0/qvm-tools/qvm-backup
index 67e276c6..0604b9ce 100755
--- a/dom0/qvm-tools/qvm-backup
+++ b/dom0/qvm-tools/qvm-backup
@@ -36,6 +36,8 @@ def main():
 
     parser.add_option ("-x", "--exclude", action="append", dest="exclude_list",
                        help="Exclude the specified VM from backup (might be repeated)")
+    parser.add_option ("--force-root", action="store_true", dest="force_root", default=False,
+                       help="Force to run, even with root privileges")
 
     (options, args) = parser.parse_args ()
 
@@ -46,6 +48,13 @@ def main():
 
     base_backup_dir = args[0]
 
+    if os.geteuid() == 0:
+        if not options.force_root:
+            print >> sys.stderr, "*** Running this tool as root is strongly discouraged, this will lead you in permissions problems."
+            print >> sys.stderr, "Retry as unprivileged user."
+            print >> sys.stderr, "... or use --force-root to continue anyway."
+            exit(1)
+
     # Only for locking
     qvm_collection = QubesVmCollection()
     qvm_collection.lock_db_for_reading()
diff --git a/dom0/qvm-tools/qvm-block b/dom0/qvm-tools/qvm-block
index f31f7848..f7417561 100755
--- a/dom0/qvm-tools/qvm-block
+++ b/dom0/qvm-tools/qvm-block
@@ -50,9 +50,18 @@ def main():
                         help="Fail when device already connected to other VM")
     parser.add_option ("--show-system-disks", dest="system_disks", action="store_true", default=False,
                         help="List also system disks")
+    parser.add_option ("--force-root", action="store_true", dest="force_root", default=False,
+                       help="Force to run, even with root privileges")
 
     (options, args) = parser.parse_args ()
 
+    if os.geteuid() == 0:
+        if not options.force_root:
+            print >> sys.stderr, "*** Running this tool as root is strongly discouraged, this will lead you in permissions problems."
+            print >> sys.stderr, "Retry as unprivileged user."
+            print >> sys.stderr, "... or use --force-root to continue anyway."
+            exit(1)
+
     if options.do_file_attach:
         options.do_attach = True
 
diff --git a/dom0/qvm-tools/qvm-clone b/dom0/qvm-tools/qvm-clone
index ecdfc66c..2994148a 100755
--- a/dom0/qvm-tools/qvm-clone
+++ b/dom0/qvm-tools/qvm-clone
@@ -34,6 +34,8 @@ def main():
     parser.add_option ("-q", "--quiet", action="store_false", dest="verbose", default=True)
     parser.add_option ("-p", "--path", dest="dir_path",
                        help="Specify path to the template directory")
+    parser.add_option ("--force-root", action="store_true", dest="force_root", default=False,
+                       help="Force to run, even with root privileges")
 
     (options, args) = parser.parse_args ()
     if (len (args) != 2):
@@ -41,6 +43,13 @@ def main():
     srcname = args[0]
     dstname = args[1]
 
+    if os.geteuid() == 0:
+        if not options.force_root:
+            print >> sys.stderr, "*** Running this tool as root is strongly discouraged, this will lead you in permissions problems."
+            print >> sys.stderr, "Retry as unprivileged user."
+            print >> sys.stderr, "... or use --force-root to continue anyway."
+            exit(1)
+
     qvm_collection = QubesVmCollection()
     qvm_collection.lock_db_for_writing()
     qvm_collection.load()
diff --git a/dom0/qvm-tools/qvm-firewall b/dom0/qvm-tools/qvm-firewall
index 581fd3ca..9d434cda 100755
--- a/dom0/qvm-tools/qvm-firewall
+++ b/dom0/qvm-tools/qvm-firewall
@@ -257,6 +257,8 @@ def main():
 
     parser.add_option ("-n", "--numeric", dest="numeric", action="store_true", default=False,
             help="Display port numbers instead of services (makes sense only with --list)")
+    parser.add_option ("--force-root", action="store_true", dest="force_root", default=False,
+                       help="Force to run, even with root privileges")
 
     (options, args) = parser.parse_args ()
     if (len (args) < 1):
@@ -264,6 +266,13 @@ def main():
     vmname = args[0]
     args = args[1:]
 
+    if os.geteuid() == 0:
+        if not options.force_root:
+            print >> sys.stderr, "*** Running this tool as root is strongly discouraged, this will lead you in permissions problems."
+            print >> sys.stderr, "Retry as unprivileged user."
+            print >> sys.stderr, "... or use --force-root to continue anyway."
+            exit(1)
+
     if options.do_add or options.do_del or options.set_policy or options.set_icmp or options.set_dns or options.set_yum_proxy:
         options.do_list = False
     qvm_collection = QubesVmCollection()
diff --git a/dom0/qvm-tools/qvm-prefs b/dom0/qvm-tools/qvm-prefs
index 98db27ac..790ca1ed 100755
--- a/dom0/qvm-tools/qvm-prefs
+++ b/dom0/qvm-tools/qvm-prefs
@@ -342,6 +342,8 @@ def main():
     parser = OptionParser (usage)
     parser.add_option ("-l", "--list", action="store_true", dest="do_list", default=False)
     parser.add_option ("-s", "--set", action="store_true", dest="do_set", default=False)
+    parser.add_option ("--force-root", action="store_true", dest="force_root", default=False,
+                       help="Force to run, even with root privileges")
 
     (options, args) = parser.parse_args ()
     if (len (args) < 1):
@@ -349,6 +351,13 @@ def main():
 
     vmname = args[0]
 
+    if os.geteuid() == 0:
+        if not options.force_root:
+            print >> sys.stderr, "*** Running this tool as root is strongly discouraged, this will lead you in permissions problems."
+            print >> sys.stderr, "Retry as unprivileged user."
+            print >> sys.stderr, "... or use --force-root to continue anyway."
+            exit(1)
+
     if options.do_list and options.do_set:
         print >> sys.stderr, "You cannot provide -l and -s at the same time!"
         exit (1)
diff --git a/dom0/qvm-tools/qvm-sync-appmenus b/dom0/qvm-tools/qvm-sync-appmenus
index 612c3370..fa9db396 100755
--- a/dom0/qvm-tools/qvm-sync-appmenus
+++ b/dom0/qvm-tools/qvm-sync-appmenus
@@ -143,6 +143,8 @@ def main():
 
     parser = OptionParser (usage)
     parser.add_option ("-v", "--verbose", action="store_true", dest="verbose", default=False)
+    parser.add_option ("--force-root", action="store_true", dest="force_root", default=False,
+                       help="Force to run, even with root privileges")
 
     (options, args) = parser.parse_args ()
     if (len (args) != 1) and env_vmname is None:
@@ -153,6 +155,13 @@ def main():
     else:
         vmname=args[0]
 
+    if os.geteuid() == 0:
+        if not options.force_root:
+            print >> sys.stderr, "*** Running this tool as root is strongly discouraged, this will lead you in permissions problems."
+            print >> sys.stderr, "Retry as unprivileged user."
+            print >> sys.stderr, "... or use --force-root to continue anyway."
+            exit(1)
+
     qvm_collection = QubesVmCollection()
     qvm_collection.lock_db_for_reading()
     qvm_collection.load()