templatevm: set default netvm to None for templates

Since we have qrexec-based updates proxy, we can even stronger isolate templates from outside threats. QubesOS/qubes-issues#1854
2017-06-01 04:26:44 +02:00 · 2017-06-01 04:26:44 +02:00 · d5cd58df51
commit d5cd58df51
parent 1ed0b14d93
1 changed files with 8 additions and 0 deletions
--- a/qubes/vm/templatevm.py
+++ b/qubes/vm/templatevm.py
@ -27,6 +27,7 @@ import warnings
 import qubes
 import qubes.config
 import qubes.vm.qubesvm
+import qubes.vm.mix.net
 from qubes.config import defaults
 from qubes.vm.qubesvm import QubesVM

@ -52,6 +53,13 @@ class TemplateVM(QubesVM):
            if hasattr(vm, 'template') and vm.template is self:
                yield vm

+    netvm = qubes.VMProperty('netvm', load_stage=4, allow_none=True,
+        default=None,
+        # pylint: disable=protected-access
+        setter=qubes.vm.qubesvm.QubesVM.netvm._setter,
+        doc='VM that provides network connection to this domain. When '
+            '`None`, machine is disconnected.')
+
    def __init__(self, *args, **kwargs):
        assert 'template' not in kwargs, "A TemplateVM can not have a template"
        self.volume_config = {