From efeb284ab119451996667eec7b552a3967c9a3c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Thu, 21 Nov 2013 03:38:12 +0100 Subject: [PATCH] core: do not call resize2fs on private.img in dom0 Do not parse VM data (filesystem metadata in this case) in dom0, as this expose dom0 for potential attack. --- core-modules/000QubesVm.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/core-modules/000QubesVm.py b/core-modules/000QubesVm.py index 82e14ff2..5257b50c 100644 --- a/core-modules/000QubesVm.py +++ b/core-modules/000QubesVm.py @@ -721,8 +721,6 @@ class QubesVm(object): retcode = self.run("while [ \"`blockdev --getsize64 /dev/xvdb`\" -lt {0} ]; do ".format(size) + "head /dev/xvdb > /dev/null; sleep 0.2; done; resize2fs /dev/xvdb", user="root", wait=True) - else: - retcode = subprocess.check_call(["sudo", "resize2fs", "-f", self.private_img]) if retcode != 0: raise QubesException("resize2fs failed")