api: improve handling destination removed just before the call

There are cases when destination domain doesn't exist when the call gets to qubesd. Namely:
1. The call comes from dom0, which bypasses qrexec policy
2. Domain was removed between checking the policy and here

Handle it the same way as if the domain wouldn't exist at policy evaluation stage either - i.e. refuse the call.
On the client side it doesn't change much, but on the server call it avoids ugly, useless tracebacks in system journal.

Fixes QubesOS/qubes-issues#5105

parent 8ecf00bd0e
commit eb39f69882
@ -121,8 +121,17 @@ class AbstractQubesAPI:
|
|||||||
#: source qube
|
#: source qube
|
||||||
self.src = self.app.domains[src.decode('ascii')]
|
self.src = self.app.domains[src.decode('ascii')]
|
||||||
|
|
||||||
#: destination qube
|
try:
|
||||||
self.dest = self.app.domains[dest.decode('ascii')]
|
#: destination qube
|
||||||
|
self.dest = self.app.domains[dest.decode('ascii')]
|
||||||
|
except KeyError:
|
||||||
|
# normally this should filtered out by qrexec policy, but there are
|
||||||
|
# two cases it might not be:
|
||||||
|
# 1. The call comes from dom0, which bypasses qrexec policy
|
||||||
|
# 2. Domain was removed between checking the policy and here
|
||||||
|
# For uniform handling on the client side, treat this as permission
|
||||||
|
# denied error too
|
||||||
|
raise PermissionDenied
|
||||||
|
|
||||||
#: argument
|
#: argument
|
||||||
self.arg = arg.decode('ascii')
|
self.arg = arg.decode('ascii')
|
||||||
|
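Review bot: The `self.src = self.app.domains[src.decode('ascii')]` lookup just above the new `try` is still unguarded, so if the source qube can also disappear between policy evaluation and this constructor, it raises the same bare `KeyError` (and journal traceback) that this hunk removes for `dest`; consider putting both lookups inside the `try` so either missing domain maps to `PermissionDenied`. Because `raise PermissionDenied` carries no message, a single log line naming the missing destination would let an administrator tell this case apart from a policy refusal without bringing back the traceback. The new comment also has a typo: "this should filtered out" should read "this should be filtered out".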