Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

templatevm: set default netvm to None for templates

Browse Source 
Since we have qrexec-based updates proxy, we can even stronger isolate
templates from outside threats.

QubesOS/qubes-issues#1854
This commit is contained in:
Marek Marczykowski-Górecki 2017-06-01 04:26:44 +02:00
parent 1ed0b14d93
commit d5cd58df51
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
qubes/vm/templatevm.py
View File

@ -27,6 +27,7 @@ import warnings
import qubes import qubes
import qubes.config import qubes.config
import qubes.vm.qubesvm import qubes.vm.qubesvm
import qubes.vm.mix.net
from qubes.config import defaults from qubes.config import defaults
from qubes.vm.qubesvm import QubesVM from qubes.vm.qubesvm import QubesVM
@ -52,6 +53,13 @@ class TemplateVM(QubesVM):
if hasattr(vm, 'template') and vm.template is self: if hasattr(vm, 'template') and vm.template is self:
yield vm yield vm
netvm = qubes.VMProperty('netvm', load_stage=4, allow_none=True,
default=None,
# pylint: disable=protected-access
setter=qubes.vm.qubesvm.QubesVM.netvm._setter,
doc='VM that provides network connection to this domain. When '
'`None`, machine is disconnected.')
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
assert 'template' not in kwargs, "A TemplateVM can not have a template" assert 'template' not in kwargs, "A TemplateVM can not have a template"
self.volume_config = { self.volume_config = {