Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

qrexec: use $anyvm and $dispvm symbols

Browse Source
This commit is contained in:
Rafal Wojtczuk 2011-07-22 16:07:06 +02:00
parent 7cfbe1c7d8
commit c23cc480b8
7 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
appvm/qubes.Filecopy.policy
View File

@ -1 +1 @@
anyvm anyvm ask,user=root $anyvm $anyvm ask,user=root

4
appvm/qubes.OpenInVM.policy
View File

@ -1,2 +1,2 @@
anyvm dispvm allow $anyvm $dispvm allow
anyvm anyvm ask $anyvm $anyvm ask

2
appvm/qvm-open-in-dvm2
View File

@ -25,4 +25,4 @@ if ! [ $# = 1 ] ; then
exit 1 exit 1
fi fi
exec /usr/lib/qubes/qrexec_client_vm dispvm qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$1" exec /usr/lib/qubes/qrexec_client_vm '$dispvm' qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$1"

2
dom0/aux-tools/qubes.ReceiveUpdates.policy
View File

@ -1 +1 @@
anyvm dom0 allow $anyvm dom0 allow

2
dom0/qubes.SyncAppMenus.policy
View File

@ -1 +1 @@
anyvm dom0 allow $anyvm dom0 allow

2
qrexec/qrexec_daemon.c
View File

@ -372,7 +372,7 @@ void sanitize_name(char * untrusted_s_signed)
continue; continue;
if (*untrusted_s >= '0' && *untrusted_s <= '9') if (*untrusted_s >= '0' && *untrusted_s <= '9')
continue; continue;
if (*untrusted_s == '_' || *untrusted_s == '-' || *untrusted_s == '.' || *untrusted_s == ' ') if (*untrusted_s == '$' || *untrusted_s == '_' || *untrusted_s == '-' || *untrusted_s == '.' || *untrusted_s == ' ')
continue; continue;
*untrusted_s = '_'; *untrusted_s = '_';
} }

4
qrexec/qrexec_policy
View File

@ -40,7 +40,7 @@ def read_policy_file(exec_index):
return policy_list return policy_list
def is_match(item, config_term): def is_match(item, config_term):
return (item is not "dom0" and config_term == "anyvm") or item == config_term return (item is not "dom0" and config_term == "$anyvm") or item == config_term
def get_default_policy(): def get_default_policy():
dict={} dict={}
@ -76,7 +76,7 @@ def spawn_target_if_necessary(target):
def do_execute(domain, target, user, exec_index, process_ident): def do_execute(domain, target, user, exec_index, process_ident):
if target == "dom0": if target == "dom0":
cmd="/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain cmd="/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain
elif target == "dispvm": elif target == "$dispvm":
cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain + " " +user cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain + " " +user
else: else:
# see the previous commit why "qvm-run -a" is broken and dangerous # see the previous commit why "qvm-run -a" is broken and dangerous