Add qubes.GetDate proxy service
This enable two things: 1. Follow global clockvm setting, without adjusting qrexec policy. 2. Avoid starting clockvm by arbitrary VM. Fixes QubesOS/qubes-issues#3588
This commit is contained in:
parent
7c4566ec14
commit
bda9264e19
1
Makefile
1
Makefile
@ -184,6 +184,7 @@ endif
|
||||
cp qubes-rpc-policy/qubes.GetDate.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.GetDate
|
||||
cp qubes-rpc-policy/policy.RegisterArgument.policy $(DESTDIR)/etc/qubes-rpc/policy/policy.RegisterArgument
|
||||
cp qubes-rpc/qubes.FeaturesRequest $(DESTDIR)/etc/qubes-rpc/
|
||||
cp qubes-rpc/qubes.GetDate $(DESTDIR)/etc/qubes-rpc/
|
||||
cp qubes-rpc/qubes.GetRandomizedTime $(DESTDIR)/etc/qubes-rpc/
|
||||
cp qubes-rpc/qubes.NotifyTools $(DESTDIR)/etc/qubes-rpc/
|
||||
cp qubes-rpc/qubes.NotifyUpdates $(DESTDIR)/etc/qubes-rpc/
|
||||
|
@ -3,4 +3,4 @@
|
||||
|
||||
## Please use a single # to start your custom comments
|
||||
|
||||
$anyvm $anyvm allow,target=sys-net
|
||||
$anyvm $anyvm allow,target=dom0
|
||||
|
42
qubes-rpc/qubes.GetDate
Executable file
42
qubes-rpc/qubes.GetDate
Executable file
@ -0,0 +1,42 @@
|
||||
#!/usr/bin/python3
|
||||
#
|
||||
# The Qubes OS Project, https://www.qubes-os.org/
|
||||
#
|
||||
# Copyright (C) 2017 Marek Marczykowski-Górecki
|
||||
# <marmarek@invisiblethingslab.com>
|
||||
#
|
||||
# This library is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU Lesser General Public
|
||||
# License as published by the Free Software Foundation; either
|
||||
# version 2.1 of the License, or (at your option) any later version.
|
||||
#
|
||||
# This library is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
# Lesser General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Lesser General Public
|
||||
# License along with this library; if not, see <https://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
import qubesadmin
|
||||
import datetime
|
||||
import subprocess
|
||||
|
||||
def main():
|
||||
app = qubesadmin.Qubes()
|
||||
|
||||
clockvm = app.clockvm
|
||||
if clockvm is None:
|
||||
return
|
||||
|
||||
if not clockvm.is_running():
|
||||
# print dom0 time if clockvm is not running
|
||||
print(datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S+00:00'))
|
||||
else:
|
||||
# passthrough request to the clockvm
|
||||
p = clockvm.run_service('qubes.GetDate', stdout=None, stdin=subprocess.DEVNULL)
|
||||
p.wait()
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
@ -438,6 +438,7 @@ fi
|
||||
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/policy.RegisterArgument
|
||||
/etc/qubes-rpc/admin.*
|
||||
/etc/qubes-rpc/qubes.FeaturesRequest
|
||||
/etc/qubes-rpc/qubes.GetDate
|
||||
/etc/qubes-rpc/qubes.GetRandomizedTime
|
||||
/etc/qubes-rpc/qubes.NotifyTools
|
||||
/etc/qubes-rpc/qubes.NotifyUpdates
|
||||
|
Loading…
Reference in New Issue
Block a user