dom0/qvm-tools: Warn the user when running qvm-tool as root is not recommended (#612)

2012-07-11 23:53:23 +02:00 · 2012-07-11 23:53:23 +02:00 · ba81866b2f
commit ba81866b2f
parent 6686159750
8 changed files with 72 additions and 0 deletions
--- a/dom0/qvm-tools/qvm-add-appvm
+++ b/dom0/qvm-tools/qvm-add-appvm
@ -37,6 +37,8 @@ def main():
    parser.add_option ("-c", "--conf", dest="conf_file",
                       help="Specify the Xen VM .conf file to use\
                       (relative to the template dir path)")
+    parser.add_option ("--force-root", action="store_true", dest="force_root", default=False,
+                       help="Force to run, even with root privileges")

    (options, args) = parser.parse_args ()
    if (len (args) != 2):
@ -44,6 +46,13 @@ def main():
    vmname = args[0]
    templatename = args[1]

+    if os.geteuid() == 0:
+        if not options.force_root:
+            print >> sys.stderr, "*** Running this tool as root is strongly discouraged, this will lead you in permissions problems."
+            print >> sys.stderr, "Retry as unprivileged user."
+            print >> sys.stderr, "... or use --force-root to continue anyway."
+            exit(1)
+
    qvm_collection = QubesVmCollection()
    qvm_collection.lock_db_for_writing()
    qvm_collection.load()
--- a/dom0/qvm-tools/qvm-add-template
+++ b/dom0/qvm-tools/qvm-add-template
@ -38,6 +38,8 @@ def main():

    parser.add_option ("--rpm", action="store_true", dest="installed_by_rpm",
                       help="Template files have been installed by RPM", default=False)
+    parser.add_option ("--force-root", action="store_true", dest="force_root", default=False,
+                       help="Force to run, even with root privileges")


    (options, args) = parser.parse_args ()
@ -45,6 +47,13 @@ def main():
        parser.error ("You must specify at least the TemplateVM name!")
    vmname = args[0]

+    if os.geteuid() == 0:
+        if not options.force_root and not options.installed_by_rpm:
+            print >> sys.stderr, "*** Running this tool as root is strongly discouraged, this will lead you in permissions problems."
+            print >> sys.stderr, "Retry as unprivileged user."
+            print >> sys.stderr, "... or use --force-root to continue anyway."
+            exit(1)
+
    qvm_collection = QubesVmCollection()
    qvm_collection.lock_db_for_writing()
    qvm_collection.load()
--- a/dom0/qvm-tools/qvm-backup
+++ b/dom0/qvm-tools/qvm-backup
@ -36,6 +36,8 @@ def main():

    parser.add_option ("-x", "--exclude", action="append", dest="exclude_list",
                       help="Exclude the specified VM from backup (might be repeated)")
+    parser.add_option ("--force-root", action="store_true", dest="force_root", default=False,
+                       help="Force to run, even with root privileges")

    (options, args) = parser.parse_args ()

@ -46,6 +48,13 @@ def main():

    base_backup_dir = args[0]

+    if os.geteuid() == 0:
+        if not options.force_root:
+            print >> sys.stderr, "*** Running this tool as root is strongly discouraged, this will lead you in permissions problems."
+            print >> sys.stderr, "Retry as unprivileged user."
+            print >> sys.stderr, "... or use --force-root to continue anyway."
+            exit(1)
+
    # Only for locking
    qvm_collection = QubesVmCollection()
    qvm_collection.lock_db_for_reading()
--- a/dom0/qvm-tools/qvm-block
+++ b/dom0/qvm-tools/qvm-block
@ -50,9 +50,18 @@ def main():
                        help="Fail when device already connected to other VM")
    parser.add_option ("--show-system-disks", dest="system_disks", action="store_true", default=False,
                        help="List also system disks")
+    parser.add_option ("--force-root", action="store_true", dest="force_root", default=False,
+                       help="Force to run, even with root privileges")

    (options, args) = parser.parse_args ()

+    if os.geteuid() == 0:
+        if not options.force_root:
+            print >> sys.stderr, "*** Running this tool as root is strongly discouraged, this will lead you in permissions problems."
+            print >> sys.stderr, "Retry as unprivileged user."
+            print >> sys.stderr, "... or use --force-root to continue anyway."
+            exit(1)
+
    if options.do_file_attach:
        options.do_attach = True

--- a/dom0/qvm-tools/qvm-clone
+++ b/dom0/qvm-tools/qvm-clone
@ -34,6 +34,8 @@ def main():
    parser.add_option ("-q", "--quiet", action="store_false", dest="verbose", default=True)
    parser.add_option ("-p", "--path", dest="dir_path",
                       help="Specify path to the template directory")
+    parser.add_option ("--force-root", action="store_true", dest="force_root", default=False,
+                       help="Force to run, even with root privileges")

    (options, args) = parser.parse_args ()
    if (len (args) != 2):
@ -41,6 +43,13 @@ def main():
    srcname = args[0]
    dstname = args[1]

+    if os.geteuid() == 0:
+        if not options.force_root:
+            print >> sys.stderr, "*** Running this tool as root is strongly discouraged, this will lead you in permissions problems."
+            print >> sys.stderr, "Retry as unprivileged user."
+            print >> sys.stderr, "... or use --force-root to continue anyway."
+            exit(1)
+
    qvm_collection = QubesVmCollection()
    qvm_collection.lock_db_for_writing()
    qvm_collection.load()
--- a/dom0/qvm-tools/qvm-firewall
+++ b/dom0/qvm-tools/qvm-firewall
@ -257,6 +257,8 @@ def main():

    parser.add_option ("-n", "--numeric", dest="numeric", action="store_true", default=False,
            help="Display port numbers instead of services (makes sense only with --list)")
+    parser.add_option ("--force-root", action="store_true", dest="force_root", default=False,
+                       help="Force to run, even with root privileges")

    (options, args) = parser.parse_args ()
    if (len (args) < 1):
@ -264,6 +266,13 @@ def main():
    vmname = args[0]
    args = args[1:]

+    if os.geteuid() == 0:
+        if not options.force_root:
+            print >> sys.stderr, "*** Running this tool as root is strongly discouraged, this will lead you in permissions problems."
+            print >> sys.stderr, "Retry as unprivileged user."
+            print >> sys.stderr, "... or use --force-root to continue anyway."
+            exit(1)
+
    if options.do_add or options.do_del or options.set_policy or options.set_icmp or options.set_dns or options.set_yum_proxy:
        options.do_list = False
    qvm_collection = QubesVmCollection()
--- a/dom0/qvm-tools/qvm-prefs
+++ b/dom0/qvm-tools/qvm-prefs
@ -386,6 +386,8 @@ def main():
    parser = OptionParser (usage)
    parser.add_option ("-l", "--list", action="store_true", dest="do_list", default=False)
    parser.add_option ("-s", "--set", action="store_true", dest="do_set", default=False)
+    parser.add_option ("--force-root", action="store_true", dest="force_root", default=False,
+                       help="Force to run, even with root privileges")

    (options, args) = parser.parse_args ()
    if (len (args) < 1):
@ -393,6 +395,13 @@ def main():

    vmname = args[0]

+    if os.geteuid() == 0:
+        if not options.force_root:
+            print >> sys.stderr, "*** Running this tool as root is strongly discouraged, this will lead you in permissions problems."
+            print >> sys.stderr, "Retry as unprivileged user."
+            print >> sys.stderr, "... or use --force-root to continue anyway."
+            exit(1)
+
    if options.do_list and options.do_set:
        print >> sys.stderr, "You cannot provide -l and -s at the same time!"
        exit (1)
--- a/dom0/qvm-tools/qvm-sync-appmenus
+++ b/dom0/qvm-tools/qvm-sync-appmenus
@ -143,6 +143,8 @@ def main():

    parser = OptionParser (usage)
    parser.add_option ("-v", "--verbose", action="store_true", dest="verbose", default=False)
+    parser.add_option ("--force-root", action="store_true", dest="force_root", default=False,
+                       help="Force to run, even with root privileges")

    (options, args) = parser.parse_args ()
    if (len (args) != 1) and env_vmname is None:
@ -153,6 +155,13 @@ def main():
    else:
        vmname=args[0]

+    if os.geteuid() == 0:
+        if not options.force_root:
+            print >> sys.stderr, "*** Running this tool as root is strongly discouraged, this will lead you in permissions problems."
+            print >> sys.stderr, "Retry as unprivileged user."
+            print >> sys.stderr, "... or use --force-root to continue anyway."
+            exit(1)
+
    qvm_collection = QubesVmCollection()
    qvm_collection.lock_db_for_reading()
    qvm_collection.load()