Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add qubes.GetDate proxy service

Browse Source 
This enable two things:
1. Follow global clockvm setting, without adjusting qrexec policy.
2. Avoid starting clockvm by arbitrary VM.

Fixes QubesOS/qubes-issues#3588
This commit is contained in:
Marek Marczykowski-Górecki 2018-03-02 20:39:28 +01:00
parent 7c4566ec14
commit bda9264e19
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
4 changed files with 45 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Makefile
View File

@ -184,6 +184,7 @@ endif
cp qubes-rpc-policy/qubes.GetDate.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.GetDate cp qubes-rpc-policy/qubes.GetDate.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.GetDate
cp qubes-rpc-policy/policy.RegisterArgument.policy $(DESTDIR)/etc/qubes-rpc/policy/policy.RegisterArgument cp qubes-rpc-policy/policy.RegisterArgument.policy $(DESTDIR)/etc/qubes-rpc/policy/policy.RegisterArgument
cp qubes-rpc/qubes.FeaturesRequest $(DESTDIR)/etc/qubes-rpc/ cp qubes-rpc/qubes.FeaturesRequest $(DESTDIR)/etc/qubes-rpc/
cp qubes-rpc/qubes.GetDate $(DESTDIR)/etc/qubes-rpc/
cp qubes-rpc/qubes.GetRandomizedTime $(DESTDIR)/etc/qubes-rpc/ cp qubes-rpc/qubes.GetRandomizedTime $(DESTDIR)/etc/qubes-rpc/
cp qubes-rpc/qubes.NotifyTools $(DESTDIR)/etc/qubes-rpc/ cp qubes-rpc/qubes.NotifyTools $(DESTDIR)/etc/qubes-rpc/
cp qubes-rpc/qubes.NotifyUpdates $(DESTDIR)/etc/qubes-rpc/ cp qubes-rpc/qubes.NotifyUpdates $(DESTDIR)/etc/qubes-rpc/

2
qubes-rpc-policy/qubes.GetDate.policy
View File

@ -3,4 +3,4 @@
## Please use a single # to start your custom comments ## Please use a single # to start your custom comments
$anyvm $anyvm allow,target=sys-net $anyvm $anyvm allow,target=dom0

42
qubes-rpc/qubes.GetDate Executable file
View File

@ -0,0 +1,42 @@
#!/usr/bin/python3
#
# The Qubes OS Project, https://www.qubes-os.org/
#
# Copyright (C) 2017 Marek Marczykowski-Górecki
# <marmarek@invisiblethingslab.com>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, see <https://www.gnu.org/licenses/>.
#
import qubesadmin
import datetime
import subprocess
def main():
app = qubesadmin.Qubes()
clockvm = app.clockvm
if clockvm is None:
return
if not clockvm.is_running():
# print dom0 time if clockvm is not running
print(datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S+00:00'))
else:
# passthrough request to the clockvm
p = clockvm.run_service('qubes.GetDate', stdout=None, stdin=subprocess.DEVNULL)
p.wait()
if __name__ == '__main__':
main()

1
rpm_spec/core-dom0.spec
View File

@ -438,6 +438,7 @@ fi
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/policy.RegisterArgument %attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/policy.RegisterArgument
/etc/qubes-rpc/admin.* /etc/qubes-rpc/admin.*
/etc/qubes-rpc/qubes.FeaturesRequest /etc/qubes-rpc/qubes.FeaturesRequest
/etc/qubes-rpc/qubes.GetDate
/etc/qubes-rpc/qubes.GetRandomizedTime /etc/qubes-rpc/qubes.GetRandomizedTime
/etc/qubes-rpc/qubes.NotifyTools /etc/qubes-rpc/qubes.NotifyTools
/etc/qubes-rpc/qubes.NotifyUpdates /etc/qubes-rpc/qubes.NotifyUpdates